Skip to main content
CVE-2026-44369 HIGH PATCH This Week

Stored cross-site scripting in CVAT (Computer Vision Annotation Tool) versions 2.5.0 through 2.63.0 allows an authenticated user with annotation-guide create/edit privileges to inject malicious JavaScript into a task's annotation guide, which executes in any victim's browser that opens it. Executed script runs with the victim's CVAT session privileges, enabling arbitrary API requests on their behalf. No public exploit identified at time of analysis; EPSS is low (0.05%) and SSVC reports no observed exploitation.

XSS Cvat
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-32643 HIGH PATCH This Week

Configuration manipulation in F5 BIG-IP and BIG-IQ Certificate Manager allows authenticated attackers with high privileges to execute arbitrary commands with scope change. Attackers holding Certificate Manager role credentials can modify configuration objects to run system commands, escalating from administrative interface access to underlying system control. CVSS 8.7 reflects the scope change (S:C) enabling broader impact than typical privileged command injection. No public exploit identified at time of analysis. F5 has released vendor patches per K000160972.

Privilege Escalation Big Ip Big Iq
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-42406 HIGH PATCH This Week

Arbitrary command execution in F5 BIG-IP and BIG-IQ Certificate Manager allows highly privileged attackers with Certificate Manager role to run OS commands by modifying configuration objects. The vulnerability requires network access and high privileges (PR:H) but enables scope change (S:C) with high confidentiality and integrity impact. Vendor-released patch available per F5 Security Advisory K000160971. EPSS data not provided; no confirmed active exploitation (not in CISA KEV) or public exploit code identified at time of analysis.

Information Disclosure Big Ip Big Iq
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-42930 HIGH PATCH This Week

Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.

Authentication Bypass Big Ip
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-61972 HIGH This Week

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.

RCE Amd
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-44470 HIGH PATCH This Week

Local privilege escalation in Claude Desktop for Windows prior to 1.3834.0 allows a low-privileged user to gain SYSTEM-level file write primitives by abusing the CoworkVMService component. The service fails to validate whether the user-writable VM bundle directory is a real directory or an NTFS directory junction, enabling a classic link-following attack. No public exploit identified at time of analysis, and EPSS is negligible (0.01%), but SSVC rates technical impact as total.

Microsoft Privilege Escalation Claude Desktop
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-44797 HIGH PATCH GHSA This Week

Server-side request forgery (SSRF) in Nautobot's Webhook feature allows authenticated users with add/change permissions on the Webhook data model to configure malicious webhook URLs targeting internal hosts, cloud metadata endpoints, or other restricted network resources. Affects all versions prior to 2.4.33 and 3.x versions prior to 3.1.2. The vulnerability allows bypassing intended network boundaries and accessing services that should not be reachable from the Nautobot server. Vendor-released patches available in v2.4.33 and v3.1.2 introduce URL scheme restrictions, IP network blocklists, and hostname allow-lists to prevent SSRF exploitation. No public exploit identified at time of analysis, but CVSS base score of 8.5 reflects significant impact with scope change allowing access to resources beyond the vulnerable component's security context.

SSRF
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-44612 HIGH This Week

DLL hijacking in Bytello Share (Windows Edition) installer prior to version 5.13.0.4246 allows local attackers to execute arbitrary code with the privileges of the installing user. The installer insecurely loads DLLs from its current directory, enabling attackers who can place a malicious DLL in the same location to achieve code execution when a user runs the installer. EPSS probability is very low (0.01%, 3rd percentile) with no active exploitation identified, suggesting this requires significant local access prerequisites that limit real-world risk despite the high CVSS score.

Microsoft RCE
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-32993 HIGH PATCH This Week

HTTP response header injection in cPanel, WHM, and WP Squared allows unauthenticated remote attackers to inject arbitrary headers via the unsanitized `status` query parameter of the `/unprotected/nova_error` endpoint. CVSS 8.3 reflects the changed scope (S:C) with low impact across confidentiality, integrity, and availability, consistent with CRLF-style header injection that can pivot into cache poisoning, session fixation, or open redirect chains. No public exploit identified at time of analysis, and EPSS is low at 0.07%, but a vendor patch is already available.

Code Injection
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-42946 HIGH PATCH This Week

Memory disclosure and denial-of-service in NGINX's SCGI and uWSGI proxy modules allow attackers with man-in-the-middle position between NGINX and upstream servers to read worker process memory or crash the service. Affects both NGINX Open Source and NGINX Plus when scgi_pass or uwsgi_pass directives are configured. The vulnerability requires network positioning between NGINX and its backend servers (AV:N with AT:P - Present attack complexity), making exploitation dependent on network architecture. No public exploit identified at time of analysis. CVSS 8.3 (High) reflects potential for confidential data exposure but limited by MITM prerequisite.

Information Disclosure Nginx Nginx Plus Nginx Open Source
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-21821 HIGH This Week

Use of an end-of-life jQuery 1.x library in HCL BigFix SCM Reporting 11.0.5 exposes the management console to client-side attacks, including DOM-based XSS, inherited from publicly known unpatched flaws in the dependency. With no public exploit identified at time of analysis and a very low EPSS score (0.04%), the CVSS 8.3 rating reflects high theoretical impact rather than confirmed in-the-wild abuse, though successful exploitation requires user interaction with a crafted resource.

XSS Bigfix Scm Reporting
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-41217 HIGH PATCH This Week

F5 BIG-IP TMOS shell (tmsh) allows authenticated administrators and resource administrators to execute arbitrary system commands with elevated privileges via an undisclosed command, potentially crossing security boundaries in Appliance mode deployments. The vulnerability requires high-privilege account access and local command-line interaction but poses significant risk to appliance-mode BIG-IP systems where privilege escalation could compromise the entire platform.

Information Disclosure Big Ip
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-43970 HIGH PATCH GHSA This Week

Unauthenticated remote denial of service in ninenines cowlib (versions 0.1.0 through 2.16.0) allows a single crafted SPDY frame to exhaust BEAM VM memory via a zlib decompression bomb. The cow_spdy:inflate/2 path passes peer-controlled compressed bytes to zlib:inflate/2 without bounding output size, and because the SPDY ?ZDICT dictionary is public and zlib achieves roughly 1024:1 compression on repeated bytes, kilobytes of input expand to gigabytes of heap, OOM-killing the Erlang node. No public exploit identified at time of analysis, EPSS is low (0.14%), and CISA SSVC marks exploitation as none, but the upstream fix is to remove cow_spdy entirely in 2.16.1.

Denial Of Service Cowlib
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-45137 HIGH PATCH GHSA This Week

Account validation bypass in Solana's Anchor framework (anchor-lang 1.0.0 through 1.0.1) allows attackers to substitute arbitrary program IDs where the System program is expected, enabling arbitrary cross-program invocation (CPI) and payment bypass in downstream on-chain programs. The flaw stems from Program<'a, System> resolving to the same Pubkey::default() check as the untyped Program<'a, ()> variant, so anchor never enforces the expected system program id. A working PoC is published in the GHSA advisory, though there is no public exploit identified at time of analysis as a weaponized tool, EPSS is 0.04% (13th percentile), and the issue is not in CISA KEV.

RCE
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-32992 HIGH PATCH This Week

Credential interception in cPanel/WHM and WP Squared DNS Cluster system allows network-positioned attackers to perform man-in-the-middle attacks because SSL/TLS certificate verification is disabled when DNS Cluster nodes communicate. An attacker able to intercept traffic between cluster peers can impersonate a legitimate DNS Cluster server and capture authentication credentials transmitted during the request. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%), but SSVC marks the flaw as automatable with partial technical impact.

Information Disclosure
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-8466 HIGH PATCH GHSA This Week

Unauthenticated denial of service in ninenines Cowboy 2.0.0 through 2.14.x allows remote attackers to exhaust BEAM VM memory by sending malformed multipart/form-data uploads that never complete a header section. The flaw lives in cowboy_req:read_part/3, which lacked the upper-bound buffer guard already present in read_part_body/4, letting a handful of concurrent slow uploads accumulate request bytes linearly until the Erlang node runs out of memory. EPSS is very low (0.02%) and no public exploit is identified at time of analysis, but the upstream patch and a regression test are already merged in 2.15.0.

Denial Of Service Cowboy
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-7635 HIGH This Week

PHP Object Injection vulnerability in coreActivity activity logging plugin through version 3.0 allows remote attackers to trigger persistent Denial of Service blocking administrator access to log pages. Unauthenticated attackers inject crafted PHP serialized payloads via User-Agent headers during any logged event (e.g., failed login). When administrators view the Logs page, the plugin deserializes untrusted data and passes it to DeviceDetector::setUserAgent(), causing Fatal TypeError. Vendor-released patch version 3.1 available (released May 6, 2026). EPSS exploitation probability not available; no CISA KEV listing at time of analysis. CVSS 8.1 reflects high complexity attack requiring precise payload crafting despite no authentication requirement.

Denial Of Service PHP WordPress Deserialization
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-45055 HIGH PATCH This Week

Account and store takeover in CubeCart 6.6.x through 6.7.1 is possible because the CC_STORE_URL constant is derived from the unvalidated Host header at bootstrap and embedded into password-reset emails. A remote unauthenticated attacker who knows a victim's email address can trigger a host-header poisoning attack that emails the user a reset link pointing at attacker-controlled infrastructure, capturing a valid 3,600-second token on click. SSVC reports a public POC and total technical impact, while EPSS remains low (0.03%) and no public exploit is identified as in-the-wild.

PHP Information Disclosure V6
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-33381 HIGH PATCH This Week

Privilege revocation race condition in Grafana OSS allows a user whose service-account token-minting permission was just revoked to continue minting tokens for several seconds after the revocation event. The flaw, tagged as an authentication bypass affecting multiple supported branches of Grafana OSS (11.x, 12.x, 13.x), can yield high confidentiality and integrity impact by granting persistent API access via newly minted service-account tokens. No public exploit identified at time of analysis, EPSS is very low (0.03%), and SSVC marks exploitation as none - but the vendor has issued patches across all affected branches.

Authentication Bypass Grafana Oss
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-29206 HIGH PATCH This Week

SQL injection in the cPanel/WHM sqloptimizer utility script allows attackers to execute arbitrary SQL queries as the MySQL root user when Slow Query logging is enabled. The flaw affects multiple cPanel branches (11.86 through 11.136), WP Squared, and the CloudLinux 6/CentOS 6 builds, with no public exploit identified at time of analysis. EPSS is low (0.03%) and SSVC marks exploitation as 'none', but technical impact is rated total because the injection runs with full database privileges.

SQLi Cpanel Wp Squared Cpanel Cloudlinux 6 Centos 6
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-44724 HIGH PATCH GHSA This Week

Command injection in Node.js systeminformation library (versions 4.17.0 through 5.31.5) allows local authenticated attackers with NetworkManager configuration rights to execute arbitrary shell commands when networkInterfaces() is called on Linux systems. The vulnerability stems from unsanitized NetworkManager connection profile names being interpolated into three shell command strings executed via execSync(). While the library sanitizes network interface names, it fails to apply equivalent sanitization to connection profile names parsed from nmcli output. The vendor has released patch version 5.31.6. CVSS score of 7.8 (High) reflects local attack vector requiring low privileges, but successful exploitation grants full process privileges-critical when the calling application runs with elevated rights, as is common in monitoring agents, inventory tools, and system management dashboards.

Node.js Command Injection
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45152 HIGH PATCH GHSA This Week

Command injection in uniget (gitlab.com/uniget-org/cli) before v0.27.1 enables arbitrary shell command execution when the CLI processes attacker-controlled tool metadata. The `check` field from JSON metadata is concatenated into a `/bin/bash -c` invocation by `RunVersionCheck()` in tool.go, so common operations like `describe`, `install`, `update`, or `inspect` trigger execution under the invoking user's privileges. Publicly available exploit code exists (vendor PoC in GHSA-qqq4-5773-pmw5); EPSS is low at 0.03% (10th percentile) and the issue is not in CISA KEV.

Docker RCE Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43476 HIGH PATCH This Week

Local privilege escalation potential exists in the Linux kernel's IIO chemical sensor subsystem, specifically the sps30_i2c driver, where an incorrect sizeof() calculation in sps30_i2c_read_meas() uses sizeof(size_t) instead of sizeof(*meas), creating a buffer size mismatch. Affecting Linux kernel versions from 5.14 onward, the flaw could lead to memory corruption or out-of-bounds access when handling measurement data from Sensirion SPS30 particulate matter sensors over I2C. EPSS is very low at 0.02% and there is no public exploit identified at time of analysis, but a CVSS of 7.8 reflects high local impact on confidentiality, integrity, and availability.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43481 HIGH PATCH This Week

Double-free condition in the Linux kernel's net-shapers subsystem allows local low-privileged attackers to corrupt kernel memory via the generic netlink interface. The flaw occurs because net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() incorrectly call nlmsg_free() on a reply skb that was already consumed by genlmsg_reply(), enabling potential privilege escalation. No public exploit identified at time of analysis and EPSS scoring places exploitation probability at only 0.02%.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30905 HIGH PATCH This Week

Local privilege escalation in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 allows an authenticated low-privileged user to elevate to higher privileges through external control of a file name or path during installation routines. The flaw was reported by Zoom and carries CVSS 7.8 with total technical impact, though no public exploit identified at time of analysis and EPSS sits at 0.01%. SSVC indicates exploitation status 'none' and the attack is not automatable, marking this as a patch-on-schedule rather than emergency item.

Microsoft Privilege Escalation Zoom Workplace Vdi Plugin
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30906 HIGH PATCH This Week

Local privilege escalation in Zoom Rooms for Windows versions prior to 7.0.0 allows an authenticated user to gain elevated privileges through an untrusted search path weakness in the installer. The flaw (CWE-426) carries a CVSS 7.8 (High) rating with complete confidentiality, integrity, and availability impact, though EPSS exploitation probability is very low (0.01%) and there is no public exploit identified at time of analysis. CISA SSVC indicates no observed exploitation but total technical impact, making this a credible insider-threat or post-compromise escalation vector rather than an internet-facing risk.

Microsoft Privilege Escalation Zoom Rooms
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-8336 HIGH PATCH This Week

Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.

Denial Of Service Use After Free Memory Corruption Mongodb Server
NVD VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-6929 HIGH This Week

Time-based blind SQL injection in JoomSport WordPress plugin (all versions ≤5.7.7) enables unauthenticated remote attackers to extract sensitive database contents including credentials, user data, and configuration secrets via the unsanitized 'sortf' parameter. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS data not provided; no CISA KEV listing indicates exploitation not yet confirmed in the wild. Wordfence Threat Intel reported this vulnerability with proof-of-concept code references pointing to specific vulnerable functions in class-jsport-getplayers.php and class-jsport-playerlist.php, enabling straightforward exploitation by security researchers and threat actors alike.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-4798 HIGH This Week

Time-based SQL injection in Avada Builder for WordPress allows remote unauthenticated attackers to extract sensitive database information via the 'product_order' parameter. CVSS 7.5 (High) reflects network-accessible attack vector with no authentication required, but exploitation is limited to specific deployments where WooCommerce was previously installed then deactivated. No active exploitation confirmed (not in CISA KEV), but vulnerability disclosed by Wordfence Threat Intelligence with technical details publicly available.

SQLi WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44478 HIGH PATCH This Week

Information disclosure in Hoppscotch (versions 2025.7.0 through pre-2026.4.0) allows unauthenticated remote attackers to retrieve all infrastructure secrets in plaintext by issuing a GET request to /v1/onboarding/config when the ONBOARDING_RECOVERY_TOKEN database value is an empty string. The flaw is an incomplete fix for CVE-2026-28215, which patched the POST counterpart but left the read endpoint exposed; publicly available exploit code exists per SSVC, although no public exploit identified at time of analysis in references, and EPSS is low at 0.04%.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-27850 HIGH This Week

Arbitrary file read on Garmin WDU v1 1.4.6 and v2 5.0 allows remote unauthenticated attackers to retrieve sensitive files from the device filesystem via symlink injection in uploaded graphics packages. The locally-served web server follows symlinks without filesystem restriction, enabling information disclosure. EPSS score of 0.02% (5th percentile) indicates low widespread exploitation probability. No public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-28344 HIGH This Week

Remote denial-of-service attacks against striso-control-firmware commit 54c9722 via buffer overflow in AuxJack function allow unauthenticated network attackers to crash the device. Despite the high CVSS 7.5 severity, impact is limited to availability (no code execution, data theft, or privilege escalation), and the vulnerability affects an unversioned development commit of specialized musical instrument firmware with a narrow user base. No public exploit code or active exploitation indicators identified at time of analysis.

Stack Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-28343 HIGH This Week

Remote denial-of-service attack against striso-control-firmware commit 54c9722 allows network attackers to crash the device through a buffer overflow in the ThreadReadButtons function, resulting in complete service unavailability. CVSS 7.5 High severity with network attack vector requiring no authentication or user interaction. EPSS and KEV data not available; no public exploit code identified at time of analysis, though technical details disclosed in GitHub issue #5 could facilitate development.

Stack Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33376 HIGH PATCH This Week

Authentication bypass in Grafana OSS Auth Proxy allows remote attackers to circumvent IPv6 allow-list restrictions because the feature applies a /32 default mask to IPv6 addresses instead of the appropriate /128, dramatically widening the trusted address space and potentially admitting unauthorized clients into authenticated sessions. The flaw is confined to the Auth Proxy authentication path - Okta, SAML, and LDAP integrations are unaffected - and at this time there is no public exploit identified at time of analysis, with EPSS at 0.03% and SSVC marking exploitation as 'none.'

Information Disclosure Grafana Oss
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-44467 HIGH PATCH This Week

Man-in-the-middle attacks against Claude Desktop's SSH remote development feature are possible in versions 1.2581.0 through 1.4303.x because the client only checks that a hostname exists in ~/.ssh/known_hosts without verifying that the server's presented host key matches the stored key. A network-positioned adversary can substitute an arbitrary host key during an SSH handshake and have the connection silently accepted, allowing interception or modification of remote developer sessions. No public exploit identified at time of analysis, and EPSS (0.02%) plus SSVC (Exploitation: none) indicate no active exploitation despite the high CVSS 4.0 score of 7.4.

RCE Claude Desktop
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2025-27853 HIGH This Week

Authentication bypass in Garmin WDU v1 1.4.6 and v2 5.0 allows remote unauthenticated attackers to execute arbitrary commands via WebSocket API. The web interface implements client-side-only authentication while the WebSocket backend enforces no authentication, enabling complete bypass by directly accessing remote APIs. With CVSS 7.3 (AV:N/AC:L/PR:N) but only 0.03% EPSS probability, this represents a critical design flaw in deployed devices rather than actively exploited widespread threat. No public exploit identified at time of analysis.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-0236 HIGH PATCH This Week

Local code injection in Palo Alto Networks Prisma Browser on macOS lets an authenticated non-admin user abuse an exposed AppleScript/Apple Event handler to send unauthorized commands to the browser, with high impact on confidentiality and integrity. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but SSVC rates the technical impact as total once the local foothold exists. Affects all Prisma Browser releases prior to 146.16.6.165 on macOS.

Apple Paloalto Code Injection RCE Prisma Browser
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-37430 HIGH This Week

Arbitrary file upload in qihang-wms (启航电商WMS) allows unauthenticated remote attackers to execute arbitrary code by uploading malicious files through the ShopOrderImportController component. The vulnerability affects commit 75c15a and potentially other versions of this warehouse management system. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation has been confirmed by CISA KEV at time of analysis. Public exploit documentation exists via GitHub/Gist references.

Java RCE File Upload N A
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-55045 HIGH This Week

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-0237 HIGH PATCH This Week

Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total.

Apple Paloalto Authentication Bypass Prisma Browser
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-36741 HIGH This Week

Command injection in U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 allows authenticated administrators to execute arbitrary system commands with elevated privileges through the Network Time Protocol (NTP) configuration interface. The vulnerability stems from insufficient input sanitization in NTP settings fields, enabling full system compromise. CVSS score of 7.2 reflects high impact across confidentiality, integrity, and availability. Public proof-of-concept code exists via GitHub repository (N0tMilk/vulnerability-research), though no active exploitation has been confirmed via CISA KEV at time of analysis. EPSS data not available for risk probability assessment.

Command Injection T18 21K Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-0265 HIGH PATCH NEWS This Week

Authentication bypass in Palo Alto Networks PAN-OS allows unauthenticated network attackers to circumvent authentication controls when the Cloud Authentication Service (CAS) feature is enabled, with the highest risk when CAS is bound to the management interface. The flaw affects PA-Series and VM-Series firewalls as well as Panorama (virtual and M-Series); Cloud NGFW and Prisma Access are not impacted. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability low at 0.08%, but the high-value target profile and CWE-347 (Improper Verification of Cryptographic Signature) class - combined with the 'Jwt Attack' tag - warrant prompt patching.

Paloalto Authentication Bypass Jwt Attack Cloud Ngfw Pan Os +1
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-6888 HIGH NEWS This Week

SQL injection in multiple Advantech industrial IoT platforms allows remote authenticated attackers with high privileges to execute arbitrary database commands. Affected products include WebAccess/SCADA, SaaS Composer, IoTSuite Growth/Starter, and IoT Edge across Windows and Linux Docker deployments. The vulnerability enables complete database compromise - attackers can read sensitive industrial control system data, modify configurations, or delete critical operational information. CVSS 7.2 reflects high impact across confidentiality, integrity, and availability, though exploitation requires administrative credentials (PR:H), significantly limiting attack surface compared to unauthenticated SQL injection vulnerabilities.

SQLi Saas Composer Iotsuite Growth Linux Docker Iotsuite Starter Linux Docker Iot Edge Linux Docker +4
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-20916 HIGH PATCH This Week

Authenticated low-privilege users can write arbitrary files to the BIG-IQ system filesystem via path traversal in an undisclosed iControl REST endpoint, enabling system compromise through configuration manipulation or code execution. F5 has released patches for supported versions. While requiring authentication (PR:L), the low complexity (AC:L) and network vector (AV:N) allow remote attackers with minimal access to achieve high integrity and availability impact through file overwrites of critical system or application files.

Path Traversal Big Iq
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-0264 HIGH PATCH NEWS This Week

Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.

Heap Overflow RCE Buffer Overflow Denial Of Service Paloalto +3
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-0263 HIGH PATCH NEWS This Week

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.

Memory Corruption RCE Buffer Overflow Denial Of Service Paloalto +3
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-45708 HIGH PATCH This Week

Authenticated remote code execution in CubeCart v6 prior to 6.7.3 allows an admin with documents-edit permission to embed raw PHP into the Invoice Editor template, which is later written to a predictable files/print.<md5>.php path that the bundled .htaccess explicitly exposes to unauthenticated visitors. SSVC rates technical impact as total and a POC exists, though EPSS remains very low (0.04%) and the issue is not on CISA KEV - no public exploit identified at time of analysis beyond researcher disclosure.

PHP Code Injection RCE V6
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-45371 HIGH PATCH GHSA This Week

Authorization bypass in SiYuan note-taking platform versions up to and including v3.6.5 allows publish-mode Readers (anonymous visitors) and read-only Editors to invoke eight state-mutating APIs that are missing CheckAdminRole and CheckReadonly middleware. Attackers with only basic CheckAuth (including unauthenticated publish visitors) can rewrite the workspace conf.json, manipulate cloud sync intervals, overwrite graph configuration, poison the SQL block index, and tamper with the admin's recent-documents list. No public exploit identified at time of analysis, but a detailed PoC accompanies the advisory and EPSS sits at 0.04% (12th percentile).

Authentication Bypass Information Disclosure Docker
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-39358 HIGH PATCH This Week

Authenticated SQL injection in CubeCart v6.x prior to 6.6.0 allows administrative users to execute arbitrary SQL commands through unsanitized sorting parameters on Products and Logs endpoints. Per SSVC, a proof-of-concept exists but the vulnerability is not in CISA KEV, and EPSS scoring (0.03%) reflects very low predicted exploitation activity due to the high-privilege prerequisite.

SQLi V6
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-62627 HIGH This Week

An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability.

VMware Information Disclosure
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy