Skip to main content
CVE-2026-8398 CRITICAL POC KEV PATCH THREAT Act Now

Supply chain compromise of DAEMON Tools Lite for Windows delivered trojanized installers through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. This allowed remote attackers to achieve arbitrary code execution on systems installing affected versions (12.5.0.2421 through 12.5.0.2434) with no user interaction required beyond normal installation. The legitimate digital signature bypassed security controls that rely on code-signing verification, making detection extremely difficult during the compromise window.

Authentication Bypass Microsoft
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
Threat
4.9
CVE-2021-47965 CRITICAL POC Act Now

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-46364 CRITICAL POC PATCH GHSA Act Now

Unauthenticated SQL injection in phpMyFAQ before 4.1.2 allows remote attackers to extract credentials, admin tokens, and SMTP secrets by sending a crafted User-Agent header to the public GET /api/captcha endpoint. The flaw sits in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha(), which interpolate the header into DELETE and INSERT statements via sprintf with no escaping. No public exploit identified at time of analysis, though VulnCheck has published a detailed reachability writeup and a verified time-based blind PoC payload appears in the GHSA advisory.

Information Disclosure SQLi Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-46333 HIGH POC PATCH CISA Act Now

Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from get_dumpable() logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. Publicly available exploit code exists (referenced in OSS-security and a GitHub PoC against ssh-keysign), though EPSS scoring (0.02%) indicates low likelihood of widespread exploitation.

Privilege Escalation Linux
NVD VulDB GitHub
CVSS 3.1
7.1
EPSS
0.0%
Threat
4.9
CVE-2021-47966 HIGH POC This Week

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2021-47964 HIGH POC This Week

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection RCE
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2021-47959 HIGH POC This Week

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service WordPress
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-2652 HIGH POC PATCH GHSA This Week

Authentication bypass in MLflow 3.9.0 and earlier allows unauthenticated remote attackers to access protected Job API and OpenTelemetry trace ingestion endpoints when the server runs with basic-auth enabled via uvicorn/ASGI. Attackers can submit jobs, read results, cancel operations, and inject trace data without credentials. The FastAPI permission middleware incorrectly enforced authentication only on /gateway/ routes, leaving /ajax-api/3.0/jobs/* and /v1/traces unprotected due to architectural mismatch between Flask and FastAPI authentication mechanisms. Fixed in version 3.10.0 with GitHub commit bb62e77 adding proper validators for all FastAPI routes.

Authentication Bypass Python
NVD GitHub
CVSS 3.0
8.6
EPSS
0.1%
CVE-2026-41553 CRITICAL PATCH Act Now

Remote code execution in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows unauthenticated attackers to inject malicious JavaScript into unsanitized 'data' parameter, achieving arbitrary code execution on Node.js backend servers. Critical vulnerability (CVSS 4.0: 10.0) with complete system compromise potential affecting server confidentiality, integrity, and availability. Vendor-released patch available in version 0.7.6. No confirmed active exploitation (not in CISA KEV), but command injection via web-accessible APIs typically sees rapid weaponization once disclosed.

Command Injection RCE Node.js
NVD VulDB
CVSS 4.0
10.0
EPSS
0.4%
CVE-2026-2031 CRITICAL PATCH Act Now

Remote code execution in Google Cloud Application Integration allows unauthenticated attackers to access exposed internal API endpoints and execute arbitrary code. The vulnerability stems from improper access controls on internal APIs that were inadvertently exposed to external networks. With a CVSS 4.0 score of 10.0, this represents a critical risk allowing both information disclosure and full system compromise without authentication.

Google Authentication Bypass RCE
NVD
CVSS 4.0
10.0
EPSS
0.3%
CVE-2026-5229 CRITICAL Act Now

Authentication bypass in Form Notify WordPress plugin versions ≤1.1.10 allows remote unauthenticated attackers to gain administrator access through LINE OAuth flow manipulation. Attackers exploit the plugin's trust of the 'form_notify_line_email' cookie when LINE OAuth doesn't return an email address, authenticating as any site user by injecting a cookie containing the victim's email while completing OAuth with their own LINE account. Wordfence reported this vulnerability with proof-of-concept code available via GitHub commit diffs. EPSS data not available, but the CVSS 9.8 score and network vector with no authentication requirement indicate critical severity. No CISA KEV listing at time of analysis.

Authentication Bypass WordPress
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-44717 CRITICAL PATCH Act Now

Remote code execution in MCP Calculate Server versions before 0.1.1 allows unauthenticated attackers to execute arbitrary Python code via unsanitized mathematical expressions passed to eval(). The vulnerability stems from processing user-supplied math expressions without input validation, enabling injection of malicious Python code. While no public exploit or active exploitation has been identified, the network-accessible attack vector and lack of required authentication make this a critical risk for exposed instances.

RCE Code Injection Mcp Calculate Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-46383 MEDIUM POC PATCH GHSA This Month

Archive extraction boundary failure in Microsoft APM's legacy-bundle probe allows local attackers to overwrite arbitrary files on Windows systems running Python 3.10 or 3.11. When users run 'apm install' on a malicious .tar.gz file, untrusted tar members bypass path validation, enabling absolute path writes (e.g., D:/...) that compromise system integrity. Fixed in version 0.13.0. No active exploitation confirmed at time of analysis, but the local attack vector with user interaction required (CVSS AV:L/UI:R) limits real-world risk to social engineering scenarios targeting AI agent developers on Windows platforms.

Path Traversal Python Microsoft
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45035 CRITICAL PATCH Act Now

Remote code execution in Tabby terminal emulator versions prior to 1.0.233 allows unauthenticated attackers to execute arbitrary OS commands via malicious tabby:// URL scheme links. When users click a crafted link containing tabby://run?command=..., Tabby spawns the specified command with full user privileges without any confirmation or sanitization. The vulnerability carries a CVSS 9.4 score due to network vector and high impact across all security dimensions.

Command Injection Tabby
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-45010 CRITICAL PATCH GHSA Act Now

Two-factor authentication bypass in phpMyFAQ before 4.1.2 lets unauthenticated remote attackers brute-force any administrator's six-digit TOTP code by submitting sequential POST requests to the /admin/check endpoint, which lacks session binding and rate limiting. CVSS 4.0 scores this 9.3 with no public exploit identified at time of analysis, though a proof-of-concept is described in the GHSA advisory and SSVC marks exploitation as 'poc' with total technical impact. EPSS is low at 0.12%, reflecting limited observed scanning despite the trivial 10^6 keyspace exhaustible in minutes.

RCE Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2021-47958 MEDIUM POC This Month

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF
NVD Exploit-DB GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-0481 CRITICAL Act Now

Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability

Amd Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-41552 CRITICAL PATCH Act Now

Path traversal in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows remote unauthenticated attackers to read arbitrary local files from the server and embed them in generated PDFs. The vulnerability stems from insufficient HTML sanitization in the module's PDF generation process. CERT-PL reported this issue, and DHTMLX released version 0.7.6 to address it. No active exploitation confirmed by CISA KEV, but the low attack complexity and network attack vector make this a priority for organizations using affected Gantt or Scheduler deployments.

Path Traversal Pdf Export Module
NVD VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-7182 CRITICAL PATCH Act Now

Path traversal in DHTMLX Diagram's export module allows remote unauthenticated attackers to exfiltrate local server files through crafted HTML payloads in the src attribute. The vulnerability exposes high-value server-side information (CVSS VC:H, SC:H) by embedding local files into generated PDFs without requiring authentication (PR:N) or user interaction (UI:N). DHTMLX released a fix in version 1.1.1, confirmed by CERT-PL advisory and vendor changelog.

Path Traversal Diagram
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2021-47967 MEDIUM POC This Month

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-44699 CRITICAL PATCH Act Now

Algorithm confusion in LibJWT 3.0.0 through 3.3.2 allows authentication bypass when RSA JWKs lack the 'alg' parameter. The OpenSSL backend incorrectly processes HMAC verification with a zero-length key when an RSA key without 'alg' is used to verify HS256/HS384/HS512 tokens, enabling attackers to forge valid JWTs without knowing any secret. Public exploit code exists (SSVC), making this a critical authentication bypass affecting applications using JWKS-based key lookup.

OpenSSL Authentication Bypass Suse
NVD GitHub
CVSS 4.0
9.1
EPSS
0.0%
CVE-2021-47968 MEDIUM POC PATCH This Month

Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Podcast Generator
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47962 MEDIUM POC This Month

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Savsoft Quiz
NVD Exploit-DB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47963 MEDIUM POC This Month

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Anote
NVD Exploit-DB GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-6228 HIGH This Week

Privilege escalation in Frontend Admin by DynamiApps plugin allows authenticated attackers with editor-level access to elevate privileges to administrator. The vulnerability exists due to insufficient authorization checks when configuring user role options in edit_user forms combined with overly permissive capabilities on the admin_form post type. Attackers can bypass UI restrictions by directly manipulating POST data to include 'administrator' in role_options, then use the crafted form to assign themselves administrator privileges. CVSS 8.8 reflects network-accessible, low-complexity exploitation requiring only low privileges (editor account). No public exploit code identified at time of analysis, though the attack chain is straightforward for authenticated users. EPSS data not provided, but the technical barrier is minimal once editor access is obtained.

Privilege Escalation PHP WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-45578 HIGH GHSA This Week

Remote code execution in AVideo streaming platform allows authenticated users with streaming privileges to execute arbitrary OS commands through shell metacharacter injection in the Live plugin. The vulnerability exists in the on_publish.php webhook endpoint which builds shell commands using unsafe string concatenation instead of proper escaping, allowing attackers to inject commands via specially crafted stream keys containing single quotes. While the CVSS indicates low privileges required (authenticated users with canStream permission), the impact is severe as it grants full web server user access.

Command Injection Apache Nginx RCE PHP
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43490 HIGH PATCH This Week

Out-of-bounds read and buffer overflow in the Linux kernel's ksmbd SMB server allows authenticated remote attackers to corrupt memory or read past allocated buffers by sending a malformed inheritable ACE with an inflated num_subauth value. The flaw resides in smb_inherit_dacl() and smb_set_ace(), where the variable-length SID is not bounds-checked during DACL inheritance, enabling heap corruption with potential for remote code execution against any SMB server using ksmbd. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the vendor patch is available across multiple stable branches.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-31317 HIGH This Week

Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in. Rated high severity (CVSS 8.8). No vendor patch available.

Buffer Overflow Amd RCE
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2024-36323 HIGH This Week

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Radeon Rx 7000 Series Graphics Products Amd Radeon Pro W7000 Series Graphics Products Amd Instinct Mi308X Amd Instinct Mi325X +2
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-45717 HIGH PATCH GHSA This Week

Budibase servers before version 3.38.1 allow any authenticated application user to modify datasource connection parameters through the REST API endpoint PUT /api/datasources/:datasourceId, which requires only basic TABLE/READ permissions instead of builder-level access. This authorization bypass enables attackers with minimal BASIC role privileges to redirect PostgreSQL, MySQL, MongoDB, or REST datasources to arbitrary hosts and ports, creating server-side request forgery (SSRF) conditions that bypass existing HTTP-layer protections for SQL driver connections. The vulnerability has been assigned CVSS 8.8 (High) and is fixed in Budibase 3.38.1.

Authentication Bypass PostgreSQL Privilege Escalation SSRF Command Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8695 HIGH PATCH This Week

Remote attackers can trigger memory corruption in radare2 6.1.5 through its GDB remote debugging interface, causing denial of service or potentially achieving code execution. The use-after-free vulnerability in gdbr_threads_list() occurs when processing a valid qfThreadInfo response followed by a malformed qsThreadInfo response, leading to improper memory management. VulnCheck reported this issue and vendor patch commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c addresses the vulnerability.

Denial Of Service RCE Buffer Overflow Memory Corruption Use After Free +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-8696 HIGH This Week

Memory corruption in radare2 6.1.5's GDB client allows remote attackers to crash the application or potentially execute code through malformed thread information responses. The vulnerability triggers when the GDB remote protocol's qsThreadInfo command fails after qfThreadInfo has allocated memory, causing a use-after-free condition. While no public exploits have been identified, the CVSS 8.7 score reflects the potential for remote unauthenticated denial of service impact.

Denial Of Service RCE Buffer Overflow Memory Corruption Use After Free +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-46366 HIGH PATCH GHSA This Week

{id}.html endpoint, leaking titles, internal IDs, languages, and category bindings via 301 redirect Location headers. The flaw stems from a missing permission filter in the getIdFromSolutionId() method, and a publicly available exploit code path is documented in the GitHub Security Advisory (GHSA-99qv-g4x9-mgc3) with SSVC marking exploitation as PoC and automatable. EPSS is low (0.06%, 19th percentile) and the issue is not in CISA KEV, indicating no confirmed active exploitation despite the high CVSS 4.0 score of 8.7.

Authentication Bypass Canonical Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-41147 HIGH PATCH GHSA This Week

Stored Cross-Site Scripting (XSS) in NukeViet CMS versions up to 4.5.07 allows unauthenticated attackers to inject malicious HTML/JavaScript through any module using the Request class for HTML input. The vulnerability stems from insufficient server-side sanitization that relies on client-side filtering, which attackers can bypass using proxy tools like Burp Suite. While not currently listed in CISA KEV and lacking public exploit code, the issue poses significant risk as it requires no authentication and affects administrative users viewing user-submitted content.

XSS PHP
NVD GitHub
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-8654 HIGH PATCH This Week

Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.

Command Injection Ibm Db2 Connector Mangodb Connector Postgresql Connector Mysql Connector +9
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-8686 HIGH PATCH This Week

Denial of service vulnerability in coreMQTT versions before 5.0.1 allows remote MQTT brokers to crash client applications through malformed MQTT v5.0 property packets. The vulnerability stems from missing bounds validation in the property parser, enabling out-of-bounds read conditions (CWE-125). Amazon Web Services has issued a security bulletin and released version 5.0.1 to address this issue.

Buffer Overflow Information Disclosure Denial Of Service Coremqtt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-45800 HIGH PATCH This Week

SQL injection in Vvveb CMS versions before 1.0.8.3 allows authenticated frontend users to execute arbitrary SQL queries through the order history page. The vulnerability exists in the /user/orders endpoint where order_by and direction parameters are directly concatenated into SQL queries without sanitization, enabling database compromise with low-privileged user credentials. The vendor has released version 1.0.8.3 to address this issue.

SQLi Vvveb
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44088 HIGH PATCH This Week

Remote code execution in SzafirHost before 1.2.1 allows unauthenticated attackers to bypass JAR signature verification through a ZIP file smuggling technique. The vulnerability exploits a discrepancy between verification logic (JarInputStream reading from file beginning) and class loading (JarFile/URLClassLoader reading Central Directory from file end), enabling attackers to combine a legitimately signed JAR with malicious classes. CERT-PL confirmed this vulnerability, and the vendor released patch version 1.2.1. EPSS data not available, not listed in CISA KEV, requiring user interaction (UI:A) for exploitation.

RCE File Upload Szafirhost
NVD VulDB
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-46491 HIGH PATCH GHSA This Week

Path traversal in SimpleSAMLphp's CAS server module allows unauthenticated remote attackers to read and deserialize arbitrary files outside the ticket directory via crafted ticket parameters. When using FileSystemTicketStore, attackers can inject '../' sequences into CAS validation endpoints to escape the configured directory, potentially deleting files that contain serialized PHP data compatible with array types. The vulnerability has a CVSS score of 8.6 with no public exploits identified at time of analysis.

Path Traversal PHP Deserialization
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-21962 HIGH This Week

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amd RCE
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-54517 HIGH This Week

Buffer overflow in AMD GPU driver IOCTL handler enables local privilege escalation to root on Linux systems running AMD Instinct or Radeon Pro GPUs. Authenticated local users with low privileges can exploit an out-of-bounds write vulnerability in the AMDGV_CMD_GET_DIAG_DATA IOCTL to achieve arbitrary kernel code execution. EPSS data not available; no public exploit or CISA KEV listing identified at time of analysis, suggesting limited active exploitation despite high CVSS 8.5 severity.

Amd Memory Corruption Buffer Overflow RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-28761 HIGH This Week

Cross-site request forgery in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier enables remote attackers to execute unauthorized operations through victim's authenticated session via malicious web pages. Successful exploitation achieves high confidentiality and integrity impact without requiring attacker authentication. Reported by JPCERT to JVN, indicating likely targeting of Japanese enterprise deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Information Disclosure CSRF Musetheque V4 Information Disclosure For Ipknowledge
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-7373 HIGH This Week

Local privilege escalation in Rapid7 Metasploit Pro allows unprivileged Windows users to achieve SYSTEM-level execution via OpenSSL configuration file hijacking. The metasploitPostgreSQL service loads openssl.cnf from a non-existent directory writable by standard users, enabling arbitrary command execution with SYSTEM privileges. Rated CVSS 8.5 (High) with proof-of-concept exploitation status (E:P). EPSS data not yet available. Not currently listed in CISA KEV catalog, suggesting vendor-disclosed rather than observed in-the-wild exploitation at time of analysis.

Privilege Escalation Microsoft PostgreSQL OpenSSL
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-52540 HIGH This Week

Out-of-bounds write in the AMD Platform Management Framework (PMF) Driver enables local authenticated users to escalate privileges on AMD Ryzen 6000/7000/8000 series processors. The vulnerability stems from improper input validation (CWE-787) allowing memory corruption beyond allocated buffer boundaries. Exploitation requires low-privilege local access with low attack complexity (CVSS 4.0: AV:L/AC:L/PR:L), making this a realistic post-compromise escalation vector. AMD released chipset driver version 7.06.02.123 addressing all affected Ryzen series. No public exploit or active exploitation confirmed at time of analysis.

Privilege Escalation Amd Memory Corruption Buffer Overflow
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-48519 HIGH This Week

Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability.

Privilege Escalation Amd Memory Corruption Buffer Overflow
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-0432 HIGH This Week

Insecure installation directory permissions in AMD chipset driver allow local authenticated attackers to achieve SYSTEM-level privilege escalation and execute arbitrary code. The vulnerability affects nearly all AMD Ryzen, Threadripper, EPYC, and Athlon processors across desktop, mobile, embedded, and server product lines. AMD has released patched chipset driver versions 8.01.20.513 (consumer/workstation) and 8.03.14.329/8.03.16.641 (server). No active exploitation confirmed at time of analysis, but the local vector and low attack complexity make this exploitable by any authenticated Windows user, including standard users without admin rights.

Privilege Escalation Amd RCE
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-29936 HIGH This Week

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to unmap arbitrary memory pages, potentially executing code with elevated privileges or triggering system crashes. Affects modern AMD Ryzen mobile processors across multiple generations (6000/7000/8000/AI 300 series, embedded variants). The vulnerability enables both horizontal escalation (confidentiality compromise via changed scope in CVSS 4.0) and vertical impact (integrity/availability degradation). No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity makes this exploitable by malware or malicious insiders once system access is obtained. EPSS data not available for risk calibration.

Privilege Escalation Amd
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-46508 HIGH PATCH This Week

Command injection in the Turborepo LSP VS Code extension before version 2.9.14000 allows arbitrary code execution when opening malicious workspaces. The vulnerability stems from unsafe string interpolation in shell commands, enabling attackers to inject commands through workspace settings or task names that execute with the user's VS Code process privileges. The CVSS 4.0 score of 8.4 indicates high severity with local access and user interaction required.

Command Injection Turborepo Vercel
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-45038 HIGH PATCH This Week

Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when dragging and dropping files containing control characters in their paths. The terminal fails to properly escape control sequences, allowing attackers to execute arbitrary commands through crafted filenames when a user drags a malicious file into the terminal window.

RCE Tabby
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-29935 HIGH This Week

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to execute arbitrary code with elevated system privileges through an out-of-bounds write vulnerability. Affects multiple AMD Ryzen processor series (6000, 7035, 7040, 8040, and Embedded R8000) across mobile and embedded platforms. The CVSS 4.0 score of 8.4 reflects high impact to system integrity and availability with changed scope, indicating the attacker can escape the vulnerable component's security context. No active exploitation confirmed in CISA KEV at time of analysis, and public exploit code availability is not indicated in current intelligence.

Amd Memory Corruption Buffer Overflow RCE
NVD
CVSS 4.0
8.4
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy