151 CVEs tracked today. 8 Critical, 71 High, 59 Medium, 1 Low.
-
CVE-2026-44672
CRITICAL
CVSS 9.3
Unauthenticated remote code execution in Mapfish Print (org.mapfish.print) allows attackers to execute arbitrary code via a code injection flaw in the Dynamic table feature. The vulnerability carries a CVSS 4.0 score of 9.3 with network-accessible, low-complexity exploitation requiring no privileges or user interaction. No public exploit identified at time of analysis, though the GHSA advisory and four parallel patched release lines indicate vendor-confirmed severity.
RCE
Code Injection
-
CVE-2026-42945
CRITICAL
CVSS 9.2
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker processes and potentially execute code on systems without ASLR. The vulnerability requires specific rewrite directive configurations using PCRE captures with question marks in replacement strings, combined with attacker-crafted HTTP requests and conditions beyond the attacker's control. F5 has released patches addressing this critical flaw. EPSS data unavailable; no KEV listing or public exploit identified at time of analysis, though the specific configuration requirements and dependency on external conditions likely limit widespread exploitation despite the 9.2 CVSS score.
RCE
Buffer Overflow
Heap Overflow
Nginx
Red Hat
-
CVE-2026-42062
CRITICAL
CVSS 9.3
OS command injection in ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 series) allows unauthenticated remote attackers to execute arbitrary system commands via crafted username parameter without authentication. The vulnerability affects multiple enterprise and consumer access point models running firmware v1.1.0-1.1.1, with public disclosure by JPCERT/CC and vendor advisory available from ELECOM. CVSS 4.0 score of 9.3 reflects critical severity with network attack vector, low complexity, and no privilege requirements, enabling complete system compromise of affected wireless infrastructure devices.
Command Injection
-
CVE-2026-40621
CRITICAL
CVSS 9.3
Unauthenticated remote access to ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 models) allows attackers to perform administrative operations via specific URLs that bypass authentication (CWE-288). With CVSS 4.0 score 9.3 (AV:N/AC:L/PR:N), this represents a critical access control failure enabling complete device compromise over the network. EPSS data not available; no confirmed active exploitation (not in CISA KEV) or public POC identified at time of analysis, though the vendor advisory from ELECOM and JPCERT coordination suggests real-world discovery.
Information Disclosure
-
CVE-2026-32661
CRITICAL
CVSS 9.3
Remote code execution in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud allows unauthenticated network attackers to execute arbitrary code via stack-based buffer overflow when pop3wallpasswd runs with grdnwww user privileges. Canon Marketing Japan has released patches for both on-premises (versions 1.4.00-2.4.26 affected) and SaaS deployments (pre-April 30, 2026 maintenance). CVSS 9.3 indicates critical severity with network vector and no authentication required, though EPSS score of 0.14% (33rd percentile) suggests limited real-world exploitation probability at time of analysis. SSVC assessment marks this as automatable with total technical impact but no confirmed exploitation.
RCE
Buffer Overflow
Stack Overflow
-
CVE-2026-8500
CRITICAL
CVSS 9.8
Remote code execution in Web::Passwd 0.03 and earlier allows unauthenticated network attackers to execute arbitrary system commands with web server privileges via command injection in the user parameter. The CVSS vector indicates network-accessible, low-complexity exploitation requiring no authentication or user interaction. EPSS score is low (0.04%, 12th percentile), suggesting limited real-world exploitation observed to date. No active exploitation confirmed by CISA KEV at time of analysis, though publicly available exploit code exists per oss-security disclosure.
Command Injection
Web
-
CVE-2025-27851
CRITICAL
CVSS 9.3
Cross-site WebSocket hijacking in Garmin WDU v1 1.4.6 and v2 5.0 allows remote attackers to gain full administrative control of the marine network device. Exploitation requires the victim to browse a malicious website while connected to both the Garmin Marine Network and another network simultaneously. EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation, but CVSS 9.3 reflects severe potential impact when conditions are met - this is a high-impact, low-probability threat primarily relevant to maritime environments with dual-network configurations.
CSRF
-
CVE-2025-11159
CRITICAL
CVSS 9.1
Remote code execution in Pentaho Data Integration & Analytics affects all versions through vulnerable H2 database JDBC driver. Authenticated data source administrators can execute arbitrary external scripts during database connection creation, achieving complete system compromise with potential container escape (CVSS scope changed). EPSS data not provided; no CISA KEV listing identified at time of analysis. Vendor advisory indicates patches available in versions 10.2.0.7 and 11.0.0.0.
Information Disclosure
-
CVE-2026-46300
HIGH
CVSS 7.8
Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community.
Privilege Escalation
Linux
-
CVE-2026-45136
HIGH
CVSS 8.6
Local code execution in the claude-code-cache-fix npm package (v3.5.0 and v3.5.1) lets attacker-controlled filesystem path names run arbitrary Python inside a victim's Claude Code process. The bundled tools/quota-statusline.sh interpolates Claude Code's statusline hook stdin — which reflects user-controlled paths such as cwd, workspace.current_dir, workspace.project_dir, and transcript_path — directly into a Python triple-quoted literal, so a directory name containing the byte sequence ''' closes the literal early and executes following bytes as Python at the user's privilege on every statusline redraw. A working injection payload is publicly available exploit code (published in the GHSA advisory and the T6/T7 regression tests); the issue is not listed in CISA KEV and no EPSS score was provided.
RCE
Python
Command Injection
Node.js
-
CVE-2026-45134
HIGH
CVSS 7.1
Unsafe deserialization in LangSmith SDK's prompt pull methods allows remote attackers to execute server-side request forgery (SSRF) and redirect LLM traffic to attacker-controlled infrastructure when applications pull public prompts from LangSmith Hub. The SDK deserializes untrusted prompt manifests containing serialized LangChain objects with attacker-controlled constructor arguments, including malicious base_url configurations, custom headers, and secret references. Exploitation requires user interaction (developers must call pull_prompt with a malicious owner/name identifier), but no authentication is required to publish malicious prompts to the public Hub. Vendor-released patches in Python >= 0.8.0 and JS/TS >= 0.6.0 now block public prompt pulling by default, requiring explicit opt-in via dangerously_pull_public_prompt flag. EPSS data not available; no CISA KEV listing or public exploit identified at time of analysis.
Python
Deserialization
SSRF
-
CVE-2026-44798
HIGH
CVSS 7.1
Authenticated users with GitRepository modification privileges in Nautobot can manipulate the current_head field via REST API to force local repository clones to check out arbitrary commits, causing repository state inconsistency or denial of service. The unintended write access stems from improper REST API serializer configuration (CWE-471: Modification of Assumed-Immutable Data). Vendor-released patches in versions 2.4.33 and 3.1.2 add field-level access controls and input validation to prevent manipulation of the internal current_head tracking field. No public exploit identified at time of analysis, though exploitation requires only low-privilege authenticated API access.
Information Disclosure
-
CVE-2026-44797
HIGH
CVSS 8.5
Server-side request forgery (SSRF) in Nautobot's Webhook feature allows authenticated users with add/change permissions on the Webhook data model to configure malicious webhook URLs targeting internal hosts, cloud metadata endpoints, or other restricted network resources. Affects all versions prior to 2.4.33 and 3.x versions prior to 3.1.2. The vulnerability allows bypassing intended network boundaries and accessing services that should not be reachable from the Nautobot server. Vendor-released patches available in v2.4.33 and v3.1.2 introduce URL scheme restrictions, IP network blocklists, and hostname allow-lists to prevent SSRF exploitation. No public exploit identified at time of analysis, but CVSS base score of 8.5 reflects significant impact with scope change allowing access to resources beyond the vulnerable component's security context.
SSRF
-
CVE-2026-44724
HIGH
CVSS 7.8
Command injection in Node.js systeminformation library (versions 4.17.0 through 5.31.5) allows local authenticated attackers with NetworkManager configuration rights to execute arbitrary shell commands when networkInterfaces() is called on Linux systems. The vulnerability stems from unsanitized NetworkManager connection profile names being interpolated into three shell command strings executed via execSync(). While the library sanitizes network interface names, it fails to apply equivalent sanitization to connection profile names parsed from nmcli output. The vendor has released patch version 5.31.6. CVSS score of 7.8 (High) reflects local attack vector requiring low privileges, but successful exploitation grants full process privileges-critical when the calling application runs with elevated rights, as is common in monitoring agents, inventory tools, and system management dashboards.
Command Injection
Node.js
-
CVE-2026-44697
HIGH
CVSS 8.6
Remote unauthenticated attackers can crash Klever-Go blockchain validators by sending a single 48 KiB compressed gossip packet that decompresses to multi-gigabyte allocations, killing the process via out-of-memory condition. The vulnerability in Batch.Decompress performs unbounded gzip decompression before anti-flood checks execute, enabling a single malicious peer to OOM-kill validators and disrupt chain liveness. Proof-of-concept demonstrates 45,604× amplification (48 KiB wire → 2.1 GiB heap). No public exploit identified at time of analysis, but vendor confirms internal discovery and patch development in progress.
Information Disclosure
Apple
-
CVE-2026-44612
HIGH
CVSS 8.4
DLL hijacking in Bytello Share (Windows Edition) installer prior to version 5.13.0.4246 allows local attackers to execute arbitrary code with the privileges of the installing user. The installer insecurely loads DLLs from its current directory, enabling attackers who can place a malicious DLL in the same location to achieve code execution when a user runs the installer. EPSS probability is very low (0.01%, 3rd percentile) with no active exploitation identified, suggesting this requires significant local access prerequisites that limit real-world risk despite the high CVSS score.
RCE
Microsoft
-
CVE-2026-43481
HIGH
CVSS 7.8
Double-free condition in the Linux kernel's net-shapers subsystem allows local low-privileged attackers to corrupt kernel memory via the generic netlink interface. The flaw occurs because net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() incorrectly call nlmsg_free() on a reply skb that was already consumed by genlmsg_reply(), enabling potential privilege escalation. No public exploit identified at time of analysis and EPSS scoring places exploitation probability at only 0.02%.
Information Disclosure
Linux
Red Hat
Suse
-
CVE-2026-43476
HIGH
CVSS 7.8
Local privilege escalation potential exists in the Linux kernel's IIO chemical sensor subsystem, specifically the sps30_i2c driver, where an incorrect sizeof() calculation in sps30_i2c_read_meas() uses sizeof(size_t) instead of sizeof(*meas), creating a buffer size mismatch. Affecting Linux kernel versions from 5.14 onward, the flaw could lead to memory corruption or out-of-bounds access when handling measurement data from Sensirion SPS30 particulate matter sensors over I2C. EPSS is very low at 0.02% and there is no public exploit identified at time of analysis, but a CVSS of 7.8 reflects high local impact on confidentiality, integrity, and availability.
Information Disclosure
Linux
Red Hat
Suse
-
CVE-2026-42946
HIGH
CVSS 8.3
Memory disclosure and denial-of-service in NGINX's SCGI and uWSGI proxy modules allow attackers with man-in-the-middle position between NGINX and upstream servers to read worker process memory or crash the service. Affects both NGINX Open Source and NGINX Plus when scgi_pass or uwsgi_pass directives are configured. The vulnerability requires network positioning between NGINX and its backend servers (AV:N with AT:P - Present attack complexity), making exploitation dependent on network architecture. No public exploit identified at time of analysis. CVSS 8.3 (High) reflects potential for confidential data exposure but limited by MITM prerequisite.
Information Disclosure
Nginx
Red Hat
Suse
-
CVE-2026-42937
HIGH
CVSS 7.1
Incorrect permission assignment in F5 BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST allows authenticated attackers to view sensitive adjacent network information due to improper access controls. The vulnerability affects multiple product lines and requires valid authentication to exploit, making it a privilege escalation concern for environments where lower-privileged users have access to management interfaces.
Information Disclosure
-
CVE-2026-42930
HIGH
CVSS 8.5
Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.
Authentication Bypass
-
CVE-2026-42924
HIGH
CVSS 8.5
Privilege escalation in F5 BIG-IP allows authenticated Resource Administrators or Administrators to execute arbitrary OS commands by creating malicious SNMP configuration objects via the legacy iControl SOAP API. Attackers with high-level administrative credentials can break out of their role constraints to gain full system control. F5 has released patches addressing this command injection flaw (CWE-78). No active exploitation confirmed at time of analysis, but the CVSS:3.1 Changed Scope indicator and attack complexity of Low make this exploitable by any administrator with SOAP API access.
Privilege Escalation
Command Injection
-
CVE-2026-42920
HIGH
CVSS 8.7
Traffic Management Microkernel (TMM) in F5 BIG-IP terminates when processing specific traffic against UDP virtual servers configured with Client SSL profiles having Allow Dynamic Record Sizing enabled. Remote unauthenticated attackers can trigger complete service denial by sending crafted traffic, causing TMM process crashes. F5 has released patches per advisory K000160901.
Denial Of Service
-
CVE-2026-42919
HIGH
CVSS 7.1
Privilege escalation in F5 BIG-IP allows authenticated administrators to cross security boundaries and achieve elevated system access through a stack buffer overflow. The vulnerability affects all BIG-IP versions and requires high-privilege administrative credentials and direct network access to exploit. No public exploit code or active exploitation has been identified at time of analysis, but a vendor patch is available.
Buffer Overflow
Stack Overflow
-
CVE-2026-42781
HIGH
CVSS 7.1
Denial of service in F5 BIG-IP when Packet Velocity Acceleration (ePVA) is enabled allows local network attackers to exhaust ePVA and Traffic Management Microkernel (TMM) resources through crafted ethernet traffic, causing service degradation or unavailability. CVSS 6.5 (medium severity) reflects adjacent network access requirement and high availability impact. Patch availability confirmed via vendor advisory.
Denial Of Service
-
CVE-2026-42409
HIGH
CVSS 8.7
Remote unauthenticated attackers can crash F5 BIG-IP and BIG-IP Next Traffic Management Microkernel (TMM) processes via undisclosed malformed HTTP/2 requests when virtual servers are configured with both an HTTP/2 profile and iRules using HTTP::redirect or HTTP::respond commands. Exploitation requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N) and results in complete service disruption. Vendor patch available via F5 K000159034. EPSS data not provided, but the specific configuration requirement limits exposure to organizations using HTTP/2 with custom iRule redirects or responses.
Denial Of Service
Null Pointer Dereference
-
CVE-2026-42406
HIGH
CVSS 8.5
Arbitrary command execution in F5 BIG-IP and BIG-IQ Certificate Manager allows highly privileged attackers with Certificate Manager role to run OS commands by modifying configuration objects. The vulnerability requires network access and high privileges (PR:H) but enables scope change (S:C) with high confidentiality and integrity impact. Vendor-released patch available per F5 Security Advisory K000160971. EPSS data not provided; no confirmed active exploitation (not in CISA KEV) or public exploit code identified at time of analysis.
Information Disclosure
-
CVE-2026-41959
HIGH
CVSS 7.1
Incorrect permission assignment in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and iControl REST allows authenticated attackers to view network status of destination systems. Affected versions vary by product line; vendor has released patches. Authentication is required, limiting exposure to users with valid credentials, but the high confidentiality impact (CVSS 6.5) makes this a material information disclosure risk for organizations managing sensitive network infrastructure.
Information Disclosure
-
CVE-2026-41957
HIGH
CVSS 8.7
Remote code execution in F5 BIG-IP and BIG-IQ Configuration utility allows authenticated attackers with low privileges to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability stems from unsafe deserialization (CWE-502) in the management interface, exploitable over the network with low attack complexity and no user interaction required. Vendor-released patch available per F5 advisory K000156761. No public exploit identified at time of analysis, with CVSS 8.8 indicating critical severity for environments where attackers have valid low-privilege credentials to the Configuration utility.
RCE
Deserialization
-
CVE-2026-41956
HIGH
CVSS 8.7
Remote denial-of-service in F5 BIG-IP allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) by sending specially crafted UDP requests to virtual servers with classification profiles enabled. The vulnerability affects BIG-IP, BIG-IP Next CNF, and BIG-IP Next for Kubernetes platforms. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available per F5 advisory K000158038.
Buffer Overflow
Stack Overflow
-
CVE-2026-41953
HIGH
CVSS 8.5
Privilege escalation in F5 BIG-IP allows authenticated Resource Administrator users to elevate privileges through configuration object manipulation. The command injection flaw (CWE-77) enables attackers with existing high-privilege access to gain administrative control over the BIG-IP system. CVSS score of 8.7 reflects high impact due to scope change (compromising beyond the vulnerable component), though exploitation requires existing Resource Administrator credentials (PR:H). EPSS data not provided; no CISA KEV listing indicates targeted rather than widespread exploitation.
Privilege Escalation
Command Injection
-
CVE-2026-41227
HIGH
CVSS 8.7
Remote memory exhaustion in F5 BIG-IP virtual servers crashes Traffic Management Microkernel when HTTP/2 Layer 7 DoS Protection receives undisclosed malformed traffic. Unauthenticated remote attackers can reliably terminate TMM processes, disrupting application delivery services. CVSS 7.5 (High) with network-exploitable, low-complexity characteristics and EPSS data not provided. Vendor patch available via F5 K000158979.
Denial Of Service
-
CVE-2026-41225
HIGH
CVSS 8.6
F5 BIG-IP iControl REST allows authenticated attackers with Manager role or higher to execute arbitrary commands through malicious configuration objects. This authenticated remote code execution vulnerability carries a CVSS score of 7.2 but requires high privileges (Manager role), significantly limiting the attack surface to insider threats or compromised administrator accounts. No public exploitation or proof-of-concept has been identified at time of analysis, and F5 has released vendor patches per advisory K000160916.
Information Disclosure
-
CVE-2026-41219
HIGH
CVSS 7.1
BIG-IP QKView utility fails to properly sanitize sensitive data in diagnostic files, allowing authenticated attackers to extract confidential information including credentials and system configuration details. The vulnerability affects both BIG-IP and BIG-IQ platforms and requires valid user credentials to exploit, limiting exposure to insider threats and compromised accounts within authorized access tiers.
Information Disclosure
-
CVE-2026-41218
HIGH
CVSS 8.7
Remote denial-of-service in F5 BIG-IP Policy Enforcement Manager (PEM) allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) via undisclosed traffic patterns when PEM-specific iRules are configured on a virtual server. The vulnerability is a use-after-free memory corruption issue (CWE-416) affecting CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and urlcatquery iRule commands. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates straightforward remote exploitation with high availability impact. EPSS data not provided, but F5 has released a vendor patch (K000160875). No public exploit or CISA KEV listing identified at time of analysis.
Information Disclosure
Use After Free
Memory Corruption
-
CVE-2026-41217
HIGH
CVSS 8.3
F5 BIG-IP TMOS shell (tmsh) allows authenticated administrators and resource administrators to execute arbitrary system commands with elevated privileges via an undisclosed command, potentially crossing security boundaries in Appliance mode deployments. The vulnerability requires high-privilege account access and local command-line interaction but poses significant risk to appliance-mode BIG-IP systems where privilege escalation could compromise the entire platform.
Information Disclosure
-
CVE-2026-40699
HIGH
CVSS 7.1
Information disclosure in F5 BIG-IP Configuration utility allows low-privileged authenticated attackers to access sensitive information through undisclosed pages, affecting the confidentiality of administrative data without requiring user interaction or privileged credentials beyond standard authentication.
Information Disclosure
-
CVE-2026-40698
HIGH
CVSS 8.5
Command injection in F5 BIG-IP and BIG-IQ SNMP configuration allows highly privileged Resource Administrators to escalate privileges to root via crafted iControl REST API calls or TMOS shell commands. Despite the high CVSS score (8.7), exploitation requires existing Resource Administrator credentials, significantly limiting real-world attack surface to insider threats or post-compromise scenarios. Vendor-released patches are available per F5 security advisory K000160981.
Privilege Escalation
Command Injection
-
CVE-2026-40631
HIGH
CVSS 8.5
Privilege escalation in F5 BIG-IP allows authenticated Resource Administrators to gain full Administrator privileges by exploiting insecure iControl SOAP API configuration handling. Attackers with high-privilege Resource Administrator access can modify configuration objects to escalate to Administrator level, achieving cross-scope access to confidential data and integrity compromise. EPSS risk assessment unavailable, but exploitation requires legitimate Resource Administrator credentials and network access to management interface, limiting attack surface to insider threats or compromised administrative accounts.
Privilege Escalation
Information Disclosure
Path Traversal
-
CVE-2026-40629
HIGH
CVSS 8.7
Denial of service in F5 BIG-IP virtual servers with SSL profiles allows remote unauthenticated attackers to exhaust connection processing via undisclosed traffic patterns, forcing affected servers to reject new client connections. The vulnerability affects multiple BIG-IP product lines including classic BIG-IP and all BIG-IP Next variants (SPK, CNF, Kubernetes). F5 has released vendor patches (K000158978), and with CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), this represents a straightforward network-based DoS attack requiring no authentication or special complexity.
Denial Of Service
-
CVE-2026-40618
HIGH
CVSS 8.7
Traffic Management Microkernel (TMM) crashes in F5 BIG-IP Virtual Edition and hardware platforms when SSL profiles are configured without hardware crypto acceleration, allowing remote unauthenticated attackers to cause denial of service via undisclosed traffic patterns. CVSS 7.5 (High) with network attack vector and no prerequisites. EPSS data not provided, no CISA KEV listing identified, indicating theoretical rather than observed exploitation. Vendor patch available per F5 advisory K000158082.
Information Disclosure
Intel
-
CVE-2026-40462
HIGH
CVSS 7.1
Incorrect permission assignment in F5 BIG-IP iControl REST and TMOS shell (tmsh) allows authenticated attackers to view sensitive information through an undisclosed command. The vulnerability affects BIG-IP systems and requires valid credentials but no user interaction to exploit, enabling confidentiality compromise of data restricted to higher-privilege accounts.
Information Disclosure
-
CVE-2026-40423
HIGH
CVSS 8.7
Traffic Management Microkernel (TMM) crash in F5 BIG-IP versions 16.1.0 through 21.0.0.1 allows unauthenticated remote attackers to cause complete service disruption when a SIP profile is configured on a virtual server. The vulnerability requires specific configuration (SIP profile deployment) and enables denial of service through undisclosed malformed SIP traffic. EPSS data not available; no active exploitation confirmed by CISA KEV at time of analysis. Vendor patch available across all affected version branches with specific fix versions identified.
Denial Of Service
-
CVE-2026-40067
HIGH
CVSS 8.7
Remote denial of service in F5 BIG-IP Access Policy Manager (APM) allows unauthenticated attackers to crash the apmd process by sending specially crafted traffic to virtual servers with APM access policies configured. The vulnerability stems from a buffer overflow (CWE-120) and requires no authentication or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). EPSS data not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis. F5 has released vendor patches per advisory K000161056.
Buffer Overflow
-
CVE-2026-40061
HIGH
CVSS 8.5
Authenticated attackers with Resource Administrator or Administrator role can execute arbitrary system commands via undisclosed iControl REST or BIG-IP TMOS Shell (tmsh) commands, potentially escalating privileges and crossing security boundaries in Appliance mode deployments. CVSS 6.5 reflects high privileges required (PR:H) but high confidentiality and integrity impact. No public exploit code identified at time of analysis.
Command Injection
-
CVE-2026-40060
HIGH
CVSS 8.7
F5 BIG-IP Advanced WAF and Application Security Manager (ASM) suffer from a denial-of-service vulnerability when processing specially crafted requests against virtual servers with active security policies. Undisclosed malformed requests cause the bd process to terminate, disrupting service availability. Remote unauthenticated attackers can exploit this with low complexity (CVSS:3.1 AV:N/AC:L/PR:N/UI:N) achieving high availability impact (CVSS 7.5). EPSS data not provided, no active exploitation confirmed via CISA KEV at time of analysis. Vendor patch available per F5 advisory K000160727.
Information Disclosure
-
CVE-2026-39806
HIGH
CVSS 8.7
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion.
'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is ...
Denial Of Service
Nginx
-
CVE-2026-39803
HIGH
CVSS 8.7
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.
The chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when re...
Denial Of Service
-
CVE-2026-39459
HIGH
CVSS 8.6
Authenticated attackers with Manager role or higher in F5 BIG-IP can execute arbitrary commands via malicious configuration objects in iControl REST API and TMOS Shell (tmsh). This privilege escalation vulnerability allows administrators to break out of their intended access boundaries and achieve full system control. CVSS 7.2 (High) reflects network accessibility with high privileges required. No public exploit code or active exploitation confirmed at time of analysis.
Information Disclosure
-
CVE-2026-39458
HIGH
CVSS 8.7
Traffic Management Microkernel (TMM) denial-of-service in F5 BIG-IP DNS affects systems with DNS cache-enabled profiles on virtual servers. Remote unauthenticated attackers can crash TMM using undisclosed malicious traffic patterns, causing complete service disruption. CVSS 7.5 High severity with network vector and low complexity. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Vendor patch available per F5 K000160945.
Information Disclosure
Memory Corruption
-
CVE-2026-39455
HIGH
CVSS 8.7
Resource exhaustion in BIG-IP Configuration utility allows remote unauthenticated attackers to trigger file descriptor exhaustion in the httpd process when LDAP authentication is enabled. The attack achieves complete denial of service (CVSS A:H) through network-accessible undisclosed traffic patterns. F5 has released patches addressing this vulnerability. EPSS data not available, not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.
Information Disclosure
-
CVE-2026-37430
HIGH
CVSS 7.3
Arbitrary file upload in qihang-wms (启航电商WMS) allows unauthenticated remote attackers to execute arbitrary code by uploading malicious files through the ShopOrderImportController component. The vulnerability affects commit 75c15a and potentially other versions of this warehouse management system. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation has been confirmed by CISA KEV at time of analysis. Public exploit documentation exists via GitHub/Gist references.
RCE
Java
File Upload
N A
-
CVE-2026-36741
HIGH
CVSS 7.2
Command injection in U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 allows authenticated administrators to execute arbitrary system commands with elevated privileges through the Network Time Protocol (NTP) configuration interface. The vulnerability stems from insufficient input sanitization in NTP settings fields, enabling full system compromise. CVSS score of 7.2 reflects high impact across confidentiality, integrity, and availability. Public proof-of-concept code exists via GitHub repository (N0tMilk/vulnerability-research), though no active exploitation has been confirmed via CISA KEV at time of analysis. EPSS data not available for risk probability assessment.
Command Injection
-
CVE-2026-35506
HIGH
CVSS 8.6
OS command injection in ELECOM wireless LAN access point devices allows authenticated administrators to execute arbitrary system commands via a crafted ping_ip_addr parameter. Affects multiple ELECOM WRC-series models including WRC-BE72XSD-B (v1.1.1 and earlier), WRC-BE65QSD-B (v1.1.0 and earlier), and WRC-W702-B (v1.1.0 and earlier). Despite the high CVSS 8.6 score, exploitation requires high-privilege (administrator) credentials, significantly limiting real-world risk to scenarios involving compromised admin accounts or malicious insiders. No active exploitation (KEV) or public POC has been identified at time of analysis. Vendor advisory available from ELECOM with remediation guidance.
Command Injection
-
CVE-2026-35062
HIGH
CVSS 7.1
Authenticated users of F5 BIG-IP iControl SOAP interface can access account information belonging to other users due to insufficient access controls. The vulnerability affects BIG-IP systems where iControl SOAP is accessible and requires valid authentication credentials to exploit, allowing attackers with legitimate access to enumerate or retrieve confidential account details beyond their authorization scope.
Information Disclosure
-
CVE-2026-34176
HIGH
CVSS 8.5
Remote command injection in F5 BIG-IP Appliance mode allows high-privilege authenticated attackers to execute arbitrary OS commands through an undisclosed iControl REST endpoint, crossing security boundaries between management and administrative contexts. CVSS 8.7 with scope change (S:C) indicates container escape or privilege domain breach. F5 has released vendor patches per advisory K000160857. No public exploit code or CISA KEV listing identified at time of analysis, limiting immediate mass-exploitation risk despite network attack vector.
Command Injection
-
CVE-2026-32673
HIGH
CVSS 8.5
Authenticated administrators with Resource Administrator or Administrator role can execute arbitrary system commands with elevated privileges in F5 BIG-IP scripted monitors, potentially crossing security boundaries in appliance mode deployments. The vulnerability requires high privilege level and network access but allows complete command execution with no user interaction, affecting confidentiality and integrity.
Privilege Escalation
-
CVE-2026-32643
HIGH
CVSS 8.5
Configuration manipulation in F5 BIG-IP and BIG-IQ Certificate Manager allows authenticated attackers with high privileges to execute arbitrary commands with scope change. Attackers holding Certificate Manager role credentials can modify configuration objects to run system commands, escalating from administrative interface access to underlying system control. CVSS 8.7 reflects the scope change (S:C) enabling broader impact than typical privileged command injection. No public exploit identified at time of analysis. F5 has released vendor patches per K000160972.
Privilege Escalation
-
CVE-2026-21019
HIGH
CVSS 8.6
Local privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with system-level privileges by exploiting improper input validation in the FacAtFunction component. Affects Galaxy Watch devices running Android Watch 14 and 16 prior to Samsung's May 2026 security release (SMR May-2026 Release 1). EPSS score of 0.03% indicates low automated exploitation probability, and no active exploitation or public POC has been identified at time of analysis. Attack requires physical or ADB access to the device.
RCE
Samsung Mobile Devices
-
CVE-2026-20916
HIGH
CVSS 7.2
Authenticated low-privilege users can write arbitrary files to the BIG-IQ system filesystem via path traversal in an undisclosed iControl REST endpoint, enabling system compromise through configuration manipulation or code execution. F5 has released patches for supported versions. While requiring authentication (PR:L), the low complexity (AC:L) and network vector (AV:N) allow remote attackers with minimal access to achieve high integrity and availability impact through file overwrites of critical system or application files.
Path Traversal
-
CVE-2026-8336
HIGH
CVSS 7.7
Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.
Denial Of Service
Use After Free
Memory Corruption
-
CVE-2026-8199
HIGH
CVSS 7.1
Authenticated attackers can exhaust MongoDB Server memory using malicious bitwise match expressions ($bitsAllSet, $bitsAnySet, $bitsAllClear, $bitsAnyClear), leading to out-of-memory denial of service. Affects MongoDB Server 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. Vendor-released patches are available across all affected major versions. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability in the wild, and no public exploit code has been identified at time of analysis.
Information Disclosure
-
CVE-2026-7635
HIGH
CVSS 8.1
PHP Object Injection vulnerability in coreActivity activity logging plugin through version 3.0 allows remote attackers to trigger persistent Denial of Service blocking administrator access to log pages. Unauthenticated attackers inject crafted PHP serialized payloads via User-Agent headers during any logged event (e.g., failed login). When administrators view the Logs page, the plugin deserializes untrusted data and passes it to DeviceDetector::setUserAgent(), causing Fatal TypeError. Vendor-released patch version 3.1 available (released May 6, 2026). EPSS exploitation probability not available; no CISA KEV listing at time of analysis. CVSS 8.1 reflects high complexity attack requiring precise payload crafting despite no authentication requirement.
PHP
WordPress
Denial Of Service
Deserialization
-
CVE-2026-6929
HIGH
CVSS 7.5
Time-based blind SQL injection in JoomSport WordPress plugin (all versions ≤5.7.7) enables unauthenticated remote attackers to extract sensitive database contents including credentials, user data, and configuration secrets via the unsanitized 'sortf' parameter. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS data not provided; no CISA KEV listing indicates exploitation not yet confirmed in the wild. Wordfence Threat Intel reported this vulnerability with proof-of-concept code references pointing to specific vulnerable functions in class-jsport-getplayers.php and class-jsport-playerlist.php, enabling straightforward exploitation by security researchers and threat actors alike.
WordPress
SQLi
-
CVE-2026-6888
HIGH
CVSS 7.2
SQL injection in multiple Advantech industrial IoT platforms allows remote authenticated attackers with high privileges to execute arbitrary database commands. Affected products include WebAccess/SCADA, SaaS Composer, IoTSuite Growth/Starter, and IoT Edge across Windows and Linux Docker deployments. The vulnerability enables complete database compromise - attackers can read sensitive industrial control system data, modify configurations, or delete critical operational information. CVSS 7.2 reflects high impact across confidentiality, integrity, and availability, though exploitation requires administrative credentials (PR:H), significantly limiting attack surface compared to unauthenticated SQL injection vulnerabilities.
SQLi
-
CVE-2026-6282
HIGH
CVSS 8.6
Path traversal in Lenovo Personal Cloud Storage devices allows authenticated remote attackers to move or access files belonging to other users on the same device, enabling unauthorized data disclosure and modification across user boundaries. Affects multiple product lines including Personal Cloud (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S) and Home Storage Hub (T20, X20). CVSS 8.6 reflects high confidentiality and integrity impact with low attack complexity. No active exploitation confirmed in CISA KEV at time of analysis, and EPSS data not available for this 2026 CVE identifier.
Path Traversal
Lenovo
-
CVE-2026-6281
HIGH
CVSS 8.7
Remote command execution in Lenovo Personal Cloud Storage devices (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S, and Home Storage Hub T20/X20) allows authenticated users on the local network to execute arbitrary commands via OS command injection (CWE-78). The CVSS v4.0 score of 8.7 reflects complete system compromise potential (VC:H/VI:H/VA:H) through network attack with low complexity but requiring low-privilege authentication (AV:N/AC:L/PR:L). No evidence of active exploitation (not in CISA KEV) or public exploit code identified at time of analysis. Lenovo has issued advisories including end-of-life notices for certain models (T1), indicating some affected products may not receive patches.
Command Injection
Lenovo
-
CVE-2026-6177
HIGH
CVSS 7.2
Stored cross-site scripting in Custom Twitter Feeds plugin for WordPress versions ≤2.5.4 allows unauthenticated remote attackers to execute arbitrary JavaScript when malicious content enters cached tweet data. The vulnerability stems from the ctf_get_more_posts AJAX endpoint outputting cached tweet text through nl2br() without HTML escaping, accessible without authentication (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). Attack requires either posting malicious tweets that the target site caches via its feed configuration, or leveraging other vulnerabilities to poison the tweet cache. No active exploitation confirmed at time of analysis. Wordfence identified the flaw with patch available in changeset 3519584.
WordPress
XSS
-
CVE-2026-4798
HIGH
CVSS 7.5
Time-based SQL injection in Avada Builder for WordPress allows remote unauthenticated attackers to extract sensitive database information via the 'product_order' parameter. CVSS 7.5 (High) reflects network-accessible attack vector with no authentication required, but exploitation is limited to specific deployments where WooCommerce was previously installed then deactivated. No active exploitation confirmed (not in CISA KEV), but vulnerability disclosed by Wordfence Threat Intelligence with technical details publicly available.
WordPress
SQLi
-
CVE-2026-4609
HIGH
CVSS 7.1
Authenticated subscribers can bypass authorization gates and forcibly join any ProfileGrid group - including closed, paid, or restricted groups - through a missing capability check in the pm_invite_user function. Affects all ProfileGrid plugin versions up to 5.9.8.4. The vulnerability enables low-privilege users to circumvent membership restrictions and payment requirements, potentially exposing premium content and private community spaces. EPSS data not provided; no CISA KEV listing identified, indicating no confirmed widespread exploitation at time of analysis. CVSS 7.1 reflects high integrity impact due to authorization bypass capabilities.
WordPress
Authentication Bypass
-
CVE-2026-3425
HIGH
CVSS 8.8
Local File Inclusion vulnerability in RTMKit Addons for Elementor plugin versions up to 2.0.2 allows authenticated attackers with Author-level privileges to include and execute arbitrary PHP files via the 'path' parameter in the 'get_content' AJAX action, enabling remote code execution. The vulnerability requires low-privilege WordPress account access (Author role or higher) and has a CVSS score of 8.8, indicating high impact across confidentiality, integrity, and availability. EPSS data not available, but exploitation requires specific WordPress role assignment, limiting attack surface to sites where untrusted users have Author-level access. No active exploitation confirmed by CISA KEV at time of analysis.
PHP
WordPress
RCE
Information Disclosure
LFI
-
CVE-2025-62627
HIGH
CVSS 7.2
An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability.
Information Disclosure
VMware
-
CVE-2025-62624
HIGH
CVSS 8.8
A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Privilege Escalation
RCE
Buffer Overflow
Heap Overflow
VMware
-
CVE-2025-62623
HIGH
CVSS 8.8
A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Privilege Escalation
RCE
Buffer Overflow
VMware
-
CVE-2025-61972
HIGH
CVSS 8.5
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.
RCE
Amd
-
CVE-2025-28344
HIGH
CVSS 7.5
Remote denial-of-service attacks against striso-control-firmware commit 54c9722 via buffer overflow in AuxJack function allow unauthenticated network attackers to crash the device. Despite the high CVSS 7.5 severity, impact is limited to availability (no code execution, data theft, or privilege escalation), and the vulnerability affects an unversioned development commit of specialized musical instrument firmware with a narrow user base. No public exploit code or active exploitation indicators identified at time of analysis.
Buffer Overflow
Stack Overflow
-
CVE-2025-28343
HIGH
CVSS 7.5
Remote denial-of-service attack against striso-control-firmware commit 54c9722 allows network attackers to crash the device through a buffer overflow in the ThreadReadButtons function, resulting in complete service unavailability. CVSS 7.5 High severity with network attack vector requiring no authentication or user interaction. EPSS and KEV data not available; no public exploit code identified at time of analysis, though technical details disclosed in GitHub issue #5 could facilitate development.
Buffer Overflow
Stack Overflow
-
CVE-2025-27853
HIGH
CVSS 7.3
Authentication bypass in Garmin WDU v1 1.4.6 and v2 5.0 allows remote unauthenticated attackers to execute arbitrary commands via WebSocket API. The web interface implements client-side-only authentication while the WebSocket backend enforces no authentication, enabling complete bypass by directly accessing remote APIs. With CVSS 7.3 (AV:N/AC:L/PR:N) but only 0.03% EPSS probability, this represents a critical design flaw in deployed devices rather than actively exploited widespread threat. No public exploit identified at time of analysis.
Authentication Bypass
-
CVE-2025-27850
HIGH
CVSS 7.5
Arbitrary file read on Garmin WDU v1 1.4.6 and v2 5.0 allows remote unauthenticated attackers to retrieve sensitive files from the device filesystem via symlink injection in uploaded graphics packages. The locally-served web server follows symlinks without filesystem restriction, enabling information disclosure. EPSS score of 0.02% (5th percentile) indicates low widespread exploitation probability. No public exploit or CISA KEV listing identified at time of analysis.
Information Disclosure
-
CVE-2026-45740
MEDIUM
CVSS 5.3
Uncontrolled recursion in protobufjs versions prior to 7.5.8 and 8.2.0 allows remote attackers to exhaust the JavaScript call stack by providing crafted JSON descriptors with deeply nested namespace definitions to Root.fromJSON() or Namespace.addJSON(), causing a denial of service. The vulnerability requires only network access and no authentication, though exploitation depends on the application parsing untrusted protobuf JSON descriptors.
Information Disclosure
-
CVE-2026-44740
MEDIUM
CVSS 6.5
go-billy versions prior to v5.9.0 and v6.0.0-alpha.1 lack proper depth and cycle detection in symlink resolution, allowing authenticated remote attackers to trigger infinite loops, uncontrolled recursion, or excessive resource consumption through crafted or malformed repository data and filesystem structures. The vulnerability stems from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states. CVSS 6.5 (availability impact) reflects the authenticated requirement (PR:L) and network attack vector, with no public exploit currently identified.
Information Disclosure
-
CVE-2026-44720
MEDIUM
CVSS 6.9
OpenLearnX versions prior to 2.0.4 contain a critical authentication bypass vulnerability caused by disabled JWT signature verification, enabling unauthenticated attackers to gain unauthorized access to user accounts. The vulnerability has been patched in version 2.0.4. No public exploit code or active exploitation has been identified at time of analysis.
Authentication Bypass
-
CVE-2026-44681
MEDIUM
CVSS 6.1
Unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoints allows remote attackers to redirect users to attacker-controlled URLs by submitting authorization requests that omit the openid scope. The vulnerability occurs because scope validation happens before redirect_uri validation, allowing the error handler to return an HTTP 302 with an unvalidated attacker-supplied redirect_uri. A proof-of-concept GET request demonstrates the flaw trivially; no authentication, valid client_id, or user interaction beyond clicking the link is required, though the CVSS score of 6.1 reflects the requirement for user interaction (UI:R) to click the phishing link. Actively exploited in the wild (KEV status), this is a Medium-severity open redirect enabling credential harvesting attacks.
Python
CSRF
Open Redirect
-
CVE-2026-42961
MEDIUM
CVSS 5.1
Cross-site request forgery (CSRF) in ELECOM wireless LAN access points (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows remote attackers to trick authenticated users into performing unintended administrative operations by viewing a malicious webpage. The vulnerability exists despite CSRF token implementation due to inadequate token validation, enabling integrity compromise of access point configuration without user knowledge.
CSRF
-
CVE-2026-42950
MEDIUM
CVSS 5.1
ELECOM wireless LAN access point models WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, and WAB-BE36-S fail to validate the language parameter in administrative pages, allowing remote attackers to break the admin interface for logged-in users via malicious web pages. The vulnerability requires user interaction (viewing a malicious page while authenticated to the access point) and results in denial of service of the administrative interface rather than data exposure or unauthorized access. No public exploit code has been identified at time of analysis.
Information Disclosure
-
CVE-2026-42948
MEDIUM
CVSS 4.8
Stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows authenticated administrators to inject malicious scripts that execute in other administrators' web browsers when they access the device management interface. Exploitation requires high-privilege administrative credentials and user interaction (victim must visit the admin panel), limiting real-world risk despite network-accessible attack surface.
XSS
-
CVE-2026-42934
MEDIUM
CVSS 6.3
Heap buffer over-read in NGINX's ngx_http_charset_module allows unauthenticated remote attackers to leak sensitive memory or crash worker processes when specific configuration directives (charset, source_charset, charset_map, and proxy_pass with buffering disabled) are combined. The vulnerability requires attacker-controlled conditions that depend on factors outside the attacker's control, limiting exploitability but creating real risk for affected deployments. CVSS 4.8 reflects the conditional nature of exploitation and limited scope of impact (information disclosure or availability).
Buffer Overflow
Information Disclosure
Nginx
Red Hat
Suse
-
CVE-2026-42926
MEDIUM
CVSS 6.3
NGINX Open Source configured to proxy HTTP/2 traffic with proxy_http_version set to 2 combined with proxy_set_body allows remote unauthenticated attackers to inject frame headers and payload bytes to upstream peers, enabling potential header injection or request manipulation attacks. The vulnerability affects default configurations without requiring authentication or user interaction, with CVSS 5.8 indicating moderate integrity impact across networked systems. No public exploit code or active exploitation has been confirmed at this time.
Code Injection
Nginx
Suse
-
CVE-2026-42780
MEDIUM
CVSS 6.9
Directory traversal vulnerability in F5 BIG-IP SSL Orchestrator enables authenticated high-privilege attackers to overwrite, delete, or corrupt arbitrary local files via path manipulation. The vulnerability requires network access and valid high-privilege credentials but does not require user interaction, affecting the integrity of system files on affected BIG-IP instances. A vendor patch is available.
Path Traversal
-
CVE-2026-42408
MEDIUM
CVSS 6.7
F5 BIG-IP DNS when provisioned contains an undisclosed TMOS Shell (tmsh) command vulnerability allowing highly privileged authenticated attackers to view sensitive information. The vulnerability requires high-privilege account access and local shell access (AV:L, PR:H), limiting real-world exploitation to insider threats or post-compromise scenarios where an attacker has already obtained administrative credentials on the management interface.
Information Disclosure
-
CVE-2026-42063
MEDIUM
CVSS 6.9
Authenticated high-privilege attackers with Resource Administrator or Administrator roles can download sensitive files from F5 BIG-IP iControl SOAP interface due to improper path validation. The vulnerability requires valid administrative credentials and does not affect versions that have reached End of Technical Support, limiting exposure to actively maintained deployments. No public exploit code or active exploitation has been identified.
Information Disclosure
Path Traversal
-
CVE-2026-42058
MEDIUM
CVSS 5.3
F5 BIG-IP iControl REST API allows authenticated attackers to enumerate local user account names through undisclosed requests, leading to information disclosure of administrative user identities. The vulnerability requires valid authentication credentials and network access to the iControl REST interface, affecting systems with BIG-IP versions that have not reached End of Technical Support. CVSS 4.3 (low) reflects the requirement for prior authentication and confidentiality-only impact, though the enumeration of administrative accounts could facilitate downstream attacks.
Information Disclosure
-
CVE-2026-41954
MEDIUM
CVSS 6.9
Sensitive information disclosure in F5 BIG-IP and BIG-IQ allows authenticated administrators with resource administrator role to view confidential data via undisclosed iControl REST endpoints or TMOS Shell commands. The vulnerability requires high-privilege authentication and produces no system modification or availability impact, limiting real-world risk despite network accessibility. Vendor has released patches addressing the information exposure.
Information Disclosure
-
CVE-2026-41051
MEDIUM
CVSS 5.1
csync2 compiled with C99 or later creates insecure temporary directories vulnerable to time-of-check-time-of-use (TOCTOU) attacks, allowing local authenticated users with user interaction to cause denial of service through symlink or directory manipulation. The vulnerability affects OpenSUSE Tumbleweed and requires local access with low privileges and user interaction to exploit.
Information Disclosure
Suse
-
CVE-2026-40703
MEDIUM
CVSS 5.3
Cross-site request forgery (CSRF) in F5 BIG-IP Configuration utility dashboard allows unauthenticated remote attackers to perform unauthorized actions (integrity and availability impact) against authenticated users through malicious web pages, requiring user interaction to click a crafted link. Patch is available from F5. No public exploit code or active exploitation confirmed at time of analysis.
CSRF
-
CVE-2026-40701
MEDIUM
CVSS 6.3
Heap-use-after-free in NGINX Plus and NGINX Open Source allows unauthenticated remote attackers to trigger memory corruption in the worker process when ssl_verify_client is set to 'on' or 'optional' and ssl_ocsp is configured with a resolver. Exploitation can cause limited information disclosure or worker process restart, with CVSS 4.8 reflecting moderate impact constrained by high attack complexity. No public exploit code or active exploitation has been identified at time of analysis.
Information Disclosure
Use After Free
Memory Corruption
Nginx
Red Hat
-
CVE-2026-40460
MEDIUM
CVSS 6.9
NGINX Plus and NGINX Open Source configured with the HTTP/3 QUIC module allows unauthenticated remote attackers to spoof source IP addresses, enabling bypass of authorization checks and rate-limiting controls. The vulnerability affects both commercial and open-source variants when QUIC is explicitly enabled, with patches available from F5.
Authentication Bypass
Nginx
Red Hat
Suse
-
CVE-2026-40435
MEDIUM
CVSS 6.9
IP-based access control restrictions in F5 BIG-IP httpd do not uniformly apply to all endpoints, allowing unauthenticated remote attackers from blocked IP addresses to access protected resources and disclose sensitive information. The vulnerability affects default configurations where network-based access policies are expected to enforce restrictions across the entire application stack, but certain endpoints bypass these controls. A vendor patch is available.
Information Disclosure
-
CVE-2026-36742
MEDIUM
CVSS 6.8
Hiseeu C90 v5.7.15 exposes a UART bootloader in debug mode when the device battery is disconnected, allowing unauthenticated physical attackers with direct hardware access to achieve privilege escalation and potentially execute arbitrary code with full device control. This vulnerability requires physical tampering to trigger but bypasses all software-based security controls once activated.
Privilege Escalation
-
CVE-2026-36738
MEDIUM
CVSS 6.8
U-SPEED AC1200 Gigabit Wi-Fi Router Model T18-21K V1.0 exposes an unauthenticated UART serial interface that grants unrestricted access to device functionality upon physical connection. An attacker with physical access to the exposed UART pins can bypass all authentication and authorization controls to gain full device compromise. EPSS exploitation probability is low (0.03%), reflecting the physical access requirement, though the impact of successful exploitation is severe (confidentiality, integrity, and availability compromise).
Authentication Bypass
-
CVE-2026-34019
MEDIUM
CVSS 6.3
Denial of service in F5 BIG-IP affects the Traffic Management Microkernel (TMM) when Bidirectional Forwarding Detection (BFD) is configured with static or dynamic routing protocols. Undisclosed traffic patterns cause TMM to stop processing BFD packets, triggering unintended failover of the configured routing protocol. Remote unauthenticated attackers can trigger this condition over the network with low complexity, resulting in availability loss for BFD-dependent routing operations.
Information Disclosure
-
CVE-2026-31156
MEDIUM
CVSS 6.5
Path traversal in OpenPLC v3 allows authenticated remote attackers to read arbitrary files via unvalidated file path parameters passed to the glue_generator binary. The vulnerability affects command-line input handling in the compiled binary derived from glue_generator.cpp, where user-controlled paths are passed directly to file operation functions (fopen, ifstream, ofstream) without validation. Exploitation requires authentication but no user interaction, and no public exploit code has been identified at the time of analysis.
Path Traversal
-
CVE-2026-28758
MEDIUM
CVSS 6.7
BIG-IP DNS provisioning exposes SSH passwords in cleartext within iControl REST API responses and audit logs when using the gtm_add and bigip_add commands, allowing highly privileged authenticated attackers with audit log access to retrieve sensitive credentials. The vulnerability affects all supported BIG-IP DNS versions and carries a CVSS score of 4.4 with low real-world exploitation risk due to the requirement for local access and high privilege level.
Information Disclosure
-
CVE-2026-25107
MEDIUM
CVSS 6.9
ELECOM wireless LAN access point devices WRC-X1800GS-B, WRC-X3000GS2 series, WRC-X6000QS series, and related models use a hard-coded cryptographic key to encrypt configuration file backups. An attacker who obtains a backup file can decrypt and modify the configuration using the publicly known key, then trick a network administrator into restoring the malicious configuration, enabling complete compromise of network settings. This requires user interaction (administrator deploying a crafted backup) but no authentication, making it a practical attack vector for supply-chain compromise or insider threats. CVSS 6.5 (Medium) reflects the high integrity impact balanced against the requirement for administrator interaction.
Information Disclosure
-
CVE-2026-24464
MEDIUM
CVSS 6.9
Directory traversal vulnerability in F5 BIG-IP iControl REST endpoint when running in Appliance mode allows authenticated administrators to delete arbitrary files, crossing security boundaries. The vulnerability requires high-privilege administrator role access and network connectivity to the iControl REST interface, but no user interaction. Patch availability confirmed from F5; no active exploitation reported.
Path Traversal
-
CVE-2026-21024
MEDIUM
CVSS 6.3
Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.
Information Disclosure
Samsung
-
CVE-2026-21022
MEDIUM
CVSS 6.9
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
Information Disclosure
-
CVE-2026-21021
MEDIUM
CVSS 5.1
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
Information Disclosure
-
CVE-2026-21020
MEDIUM
CVSS 5.1
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
Information Disclosure
Google
-
CVE-2026-21018
MEDIUM
CVSS 6.8
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
RCE
Buffer Overflow
Memory Corruption
-
CVE-2026-21016
MEDIUM
CVSS 5.1
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
Information Disclosure
-
CVE-2026-21015
MEDIUM
CVSS 6.8
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
Privilege Escalation
-
CVE-2026-8369
MEDIUM
CVSS 6.0
Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.
Authentication Bypass
-
CVE-2026-8367
MEDIUM
CVSS 4.8
aria2c fails to properly validate Extended Key Usage (EKU) constraints in TLS server certificates, allowing attackers who possess a compromised certificate issued for a different purpose to impersonate legitimate servers. This undermines certificate-based authentication and enables man-in-the-middle attacks against aria2c downloads over HTTPS, potentially leading to delivery of malicious files or interception of sensitive data.
Information Disclosure
-
CVE-2026-8202
MEDIUM
CVSS 5.3
Denial of service in MongoDB Server v7.0 through v8.3 allows authenticated users with aggregation permissions to exhaust CPU resources via densely populated character masks in $trim, $ltrim, and $rtrim aggregation operators. An attacker can pin CPU utilization at 100% for extended periods by crafting malicious aggregation queries with large input strings and computationally expensive mask patterns. No public exploit code or active exploitation has been reported at time of analysis.
Denial Of Service
-
CVE-2026-8201
MEDIUM
CVSS 6.1
Use-after-free in MongoDB Server's Field-Level Encryption query analysis component allows authenticated remote attackers with control over FLE query structure to cause information disclosure and denial of service. The vulnerability affects mongocryptd and crypt_shared in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. No public exploit code identified at time of analysis.
Information Disclosure
Use After Free
Memory Corruption
-
CVE-2026-8200
MEDIUM
CVSS 4.8
MongoDB Server fails to fully redact user data in local server log messages when schema validation is enabled and an update or insert operation violates the collection schema, allowing authenticated administrators to access sensitive information through log inspection. This information disclosure affects MongoDB Server 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. The vulnerability requires high-privilege administrative access and has a low CVSS score of 2.7, indicating limited real-world impact despite confirmed patch availability.
Information Disclosure
-
CVE-2026-7619
MEDIUM
CVSS 6.5
SQL injection in Charitable - Donation Plugin for WordPress versions up to 1.8.10.4 allows authenticated users with donation management admin privileges to inject malicious SQL via the 's' search parameter, enabling extraction of sensitive database information. The vulnerability stems from insufficient escaping and lack of prepared statement usage in the donation search functionality. Attack requires administrator-level access to the donation management area (edit_others_donations capability), limiting scope to internal threats but carrying high confidentiality impact.
WordPress
SQLi
-
CVE-2026-7051
MEDIUM
CVSS 5.4
Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to 8.9.0 allows authenticated attackers to delete any user's published and scheduled social media post records due to missing ownership verification in the deleteUserPublishPost() and deleteUserSchedPost() functions. Attackers can supply arbitrary sequential post IDs to permanently soft-delete other users' B2S post records, disrupting content publishing workflows across multiuser WordPress installations. This vulnerability requires valid WordPress user authentication but no elevated privileges.
WordPress
Authentication Bypass
-
CVE-2026-6965
MEDIUM
CVSS 5.3
Authenticated instructors in Tutor LMS versions up to 3.9.9 can manipulate course ownership logic via an attacker-controlled GET parameter to perform unauthorized operations on other instructors' courses, including deleting lessons, quizzes, assignments, and student data, or modifying course content and grades. The vulnerability stems from the `get_course_id_by()` function unconditionally trusting user-supplied input instead of validating course ownership, bypassing the plugin's primary authorization gate. No public exploit code or active exploitation has been identified at time of analysis.
WordPress
Authentication Bypass
-
CVE-2026-6962
MEDIUM
CVSS 6.4
Stored cross-site scripting in Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin (all versions up to 4.1.0) allows authenticated attackers with contributor-level access to inject arbitrary JavaScript via unsanitized shortcode attributes 'alg_wc_cog_product_cost' and 'alg_wc_cog_product_profit', which executes in the browsers of all users viewing the affected pages. The vulnerability requires prior account access but no user interaction for execution, making it a persistent attack vector for privilege escalation or malicious content injection on WordPress sites.
WordPress
XSS
-
CVE-2026-6828
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting (XSS) in Fluent Forms WordPress plugin versions up to 6.2.1 allows authenticated contributors and above to inject arbitrary JavaScript into pages via the 'permission_message' parameter, which executes when any user views the affected page. The vulnerability stems from insufficient input sanitization and output escaping in the Component module. No active exploitation or public proof-of-concept has been reported, but the low attack complexity and network accessibility make this a practical risk for WordPress sites with contributor-level user accounts.
WordPress
XSS
-
CVE-2026-4782
MEDIUM
CVSS 6.5
Arbitrary file read in Avada Builder plugin for WordPress versions up to 3.15.2 allows authenticated attackers with Subscriber-level access to read arbitrary files on the server via the 'fusion_get_svg_from_file' function in the 'fusion_section_separator' shortcode. Sensitive information including configuration files, database credentials, and private keys can be exposed. The vulnerability was partially patched in 3.15.2 and fully patched in version 3.15.3.
WordPress
RCE
-
CVE-2026-4608
MEDIUM
CVSS 6.5
ProfileGrid User Profiles plugin for WordPress versions up to 5.9.8.4 allow authenticated attackers with Subscriber-level access to execute blind SQL injection attacks via the 'rid' parameter due to insufficient input escaping and lack of prepared statement use. The vulnerability enables extraction of sensitive database information without user interaction. No public exploit code or active exploitation has been confirmed at this time.
WordPress
SQLi
-
CVE-2026-4607
MEDIUM
CVSS 4.3
Authentication bypass in ProfileGrid - User Profiles, Groups and Communities WordPress plugin up to version 5.9.8.4 allows authenticated Subscriber-level users to modify site-wide group settings through unprotected AJAX actions (pm_set_group_order, pm_set_group_items, pm_set_field_order). Attackers can alter group menu order, list order, icon display, and field ordering without authorization checks. No public exploit code or active exploitation has been identified; CVSS 4.3 (low-moderate severity) reflects limited impact scope to integrity without confidentiality or availability impact.
WordPress
Authentication Bypass
-
CVE-2026-3426
MEDIUM
CVSS 4.3
RTMKit Addons for Elementor plugin for WordPress allows authenticated attackers with Author-level access or higher to modify or reset site-wide widget configurations due to missing capability checks in the save_widget() and reset_all_widgets() functions. This privilege escalation vulnerability affects all versions up to 2.0.2 and enables unauthorized modification of widget data across the entire WordPress site, impacting site integrity and user experience.
WordPress
Authentication Bypass
-
CVE-2026-3004
MEDIUM
CVSS 6.4
Stored Cross-Site Scripting in Snow Monkey Blocks WordPress plugin up to version 24.1.11 allows authenticated attackers with Contributor-level or higher privileges to inject arbitrary JavaScript via the 'data-slick' attribute, which executes in the browsers of all users who view the affected pages. The vulnerability stems from insufficient input sanitization and output escaping in block rendering functionality. CVSS 6.4 reflects the moderate severity; exploitation requires prior authentication and contributor access, limiting the attack surface to trusted WordPress users or accounts obtained through compromise.
WordPress
XSS
-
CVE-2026-2725
MEDIUM
CVSS 6.0
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag o...
Authentication Bypass
-
CVE-2026-2515
MEDIUM
CVSS 5.3
Authenticated attackers with Subscriber-level access can modify the API key stored in the Hostinger Reach WordPress plugin (versions up to 1.3.8) due to missing capability checks in the AJAX handler, but only when the plugin is not yet connected to a site and the database contains no existing API key. The vulnerability allows unauthorized data modification via the 'hostinger_reach_connection_notice_action' action with CVSS 5.3 (network-accessible, high integrity impact, but requiring low-privilege authentication and non-standard conditions).
WordPress
Authentication Bypass
-
CVE-2025-61971
MEDIUM
CVSS 5.9
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.
Information Disclosure
-
CVE-2025-29338
MEDIUM
CVSS 5.6
Buffer overflow in NXP moal.ko Wi-Fi driver versions 5.1.7.10 with firmware v17.92.1.p149.43 through v17.92.1.p149.157 allows local privileged attackers to cause denial of service and potentially corrupt memory via the mod_para parameter in the woal_init_module_param function. The vulnerability requires high-privilege access and cannot be triggered remotely, but public exploit code exists and SSVC analysis indicates non-automatable exploitation with partial technical impact.
Buffer Overflow
N A
-
CVE-2025-27852
MEDIUM
CVSS 5.0
Reflected cross-site scripting (XSS) in Garmin WDU v1 1.4.6 and v2 5.0 allows local network attackers to execute arbitrary JavaScript with full administrator-level access to the device. Exploitation requires the victim to visit a malicious URL and click an element on the rendered page, making this a moderate-risk vulnerability primarily affecting users on trusted networks who may be socially engineered.
XSS
-
CVE-2025-14767
MEDIUM
CVSS 5.5
Stored Cross-Site Scripting in WPC Badge Management for WooCommerce plugin versions up to 3.1.6 allows authenticated attackers with Shop Manager-level access to inject arbitrary JavaScript via the 'text' attribute of the wpcbm_best_seller shortcode. The injected scripts execute in the browsers of any user visiting the affected page, enabling credential theft, session hijacking, or defacement. The vulnerability stems from insufficient input sanitization and output escaping in shortcode processing.
WordPress
XSS
-
CVE-2025-14755
MEDIUM
CVSS 5.3
Unauthenticated attackers can manipulate product prices in WooCommerce carts via an unprotected AJAX action in the Cost Calculator Builder plugin for WordPress (versions up to 4.0.1) when used with Cost Calculator Builder PRO. The vulnerability stems from the ccb_woocommerce_payment AJAX endpoint being registered without authentication requirements (wp_ajax_nopriv) and failing to validate user input before passing it to checkout initialization, allowing price modification without authorization. This is an Insecure Direct Object Reference (IDOR) flaw with moderate CVSS score (5.3) that enables integrity violations but not confidentiality breaches or availability impact.
WordPress
Authentication Bypass
-
CVE-2025-14033
MEDIUM
CVSS 5.3
Unauthenticated attackers can retrieve any support ticket content from the ilGhera Support System for WooCommerce plugin (versions up to 1.3.0) by exploiting a missing capability check in the 'get_ticket_content_callback' function, exposing sensitive customer data and private communications without authentication. The vulnerability requires only a valid ticket ID and network access, with no active public exploitation confirmed at time of analysis, but the low attack complexity and unauthenticated nature make it practically exploitable against any WordPress site running the affected plugin.
WordPress
Authentication Bypass
-
CVE-2025-9989
MEDIUM
CVSS 4.4
Stored Cross-Site Scripting in Broadstreet plugin for WordPress versions up to 1.53.1 allows authenticated administrators to inject arbitrary JavaScript into admin settings that executes for all users viewing affected pages. The vulnerability requires administrator-level access, high attack complexity due to disabled unfiltered_html or multi-site configuration restrictions, and impacts confidentiality and integrity with limited scope. No active exploitation confirmed at time of analysis.
WordPress
XSS
-
CVE-2025-9988
MEDIUM
CVSS 4.3
Broadstreet WordPress plugin up to version 1.53.1 allows authenticated attackers with Subscriber-level access to create advertisers via missing capability checks on the create_advertiser AJAX action, enabling privilege escalation and unauthorized modification of advertising data.
WordPress
Authentication Bypass
-
CVE-2025-9987
MEDIUM
CVSS 5.3
The Broadstreet WordPress plugin versions up to 1.53.1 exposes sensitive business information through an unauthenticated AJAX endpoint (get_sponsored_meta), allowing attackers to extract password-protected and private business details. Despite the CVSS vector indicating PR:N, the vulnerability requires subscriber-level or higher WordPress access, making authenticated users the primary attack vector. The exposure is limited to confidentiality impact with no integrity or availability compromise.
WordPress
Information Disclosure
-
CVE-2026-45028
LOW
CVSS 2.9
Astro versions prior to 6.1.10 fail to bind encrypted server island parameters to their intended component and purpose, allowing attackers to replay encrypted props as slots or vice versa. This cryptographic binding failure could lead to cross-site scripting (XSS) when applications use server islands with overlapping prop and slot names where an attacker controls prop values. The vulnerability requires very specific application architecture (shared key names, dynamically rendered pages, attacker-controlled props) making real-world exploitation unlikely, but the underlying encryption design flaw is significant.
XSS
-
CVE-2026-43489
None
In the Linux kernel, the following vulnerability has been resolved:
liveupdate: luo_file: remember retrieve() status
LUO keeps track of successful retrieve attempts on a LUO file. It does so
to avoid multiple retrievals of the same file. Multiple retrievals cause
problems because once the file i...
Information Disclosure
Linux
-
CVE-2026-43488
None
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Prevent interrupt storm on host controller error (HCE)
The xHCI controller reports a Host Controller Error (HCE) in UAS Storage
Device plug/unplug scenarios on Android devices. HCE is checked in
xhci_irq() function and ...
Information Disclosure
Linux
Google
-
CVE-2026-43487
None
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Disable LPM on ST1000DM010-2EP102
According to a user report, the ST1000DM010-2EP102 has problems with LPM,
causing random system freezes. The drive belongs to the same BarraCuda
family as the ST2000DM008-2FR102 ...
Information Disclosure
Linux
Barracuda
-
CVE-2026-43486
None
In the Linux kernel, the following vulnerability has been resolved:
arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults
contpte_ptep_set_access_flags() compared the gathered ptep_get() value
against the requested entry to detect no-ops. ptep_get() ORs AF/dirty
from all sub-PTEs ...
Information Disclosure
Linux
-
CVE-2026-43485
None
In the Linux kernel, the following vulnerability has been resolved:
nouveau/gsp: drop WARN_ON in ACPI probes
These WARN_ONs seem to trigger a lot, and we don't seem to have a
plan to fix them, so just drop them, as they are most likely
harmless.
Information Disclosure
Linux
-
CVE-2026-43484
None
In the Linux kernel, the following vulnerability has been resolved:
mmc: core: Avoid bitfield RMW for claim/retune flags
Move claimed and retune control flags out of the bitfield word to
avoid unrelated RMW side effects in asynchronous contexts.
The host->claimed bit shared a word with retune fla...
Information Disclosure
Linux
-
CVE-2026-43483
None
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated
Explicitly set/clear CR8 write interception when AVIC is (de)activated to
fix a bug where KVM leaves the interception enabled after AVIC is
activated. E.g. if ...
Information Disclosure
Linux
Microsoft
-
CVE-2026-43482
None
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Disable preemption between scx_claim_exit() and kicking helper work
scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from
triggering further error handling. After claiming exit, the caller must kic...
Authentication Bypass
Linux
-
CVE-2026-43480
None
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition
The acp3x_5682_init() function did not check the return value of
clk_get(), which could lead to dereferencing error pointers in
rt5682_clk_enable().
F...
Information Disclosure
Linux
Amd
-
CVE-2026-43479
None
In the Linux kernel, the following vulnerability has been resolved:
net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
Remove redundant netif_napi_del() call from disconnect path.
A WARN may be triggered in __netif_napi_del_locked() during USB device
disconnect:
WARNING: CPU:...
Information Disclosure
Linux
-
CVE-2026-43478
None
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put
The correct helper to use in rt1011_recv_spk_mode_put() to retrieve the
DAPM context is snd_soc_component_to_dapm(), from kcontrol we will
receive NULL po...
Denial Of Service
Linux
-
CVE-2026-43477
None
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL
Apparently ICL may hang with an MCE if we write TRANS_VRR_VMAX/FLIPLINE
before enabling TRANS_DDI_FUNC_CTL.
Personally I was only able to reproduce a hang (on ...
Information Disclosure
Linux
Dell