Skip to main content
CVE-2026-46333 HIGH POC PATCH CISA Act Now

Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from get_dumpable() logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. Publicly available exploit code exists (referenced in OSS-security and a GitHub PoC against ssh-keysign), though EPSS scoring (0.02%) indicates low likelihood of widespread exploitation.

Privilege Escalation Linux
NVD VulDB GitHub
CVSS 3.1
7.1
EPSS
0.0%
Threat
4.9
CVE-2021-47966 HIGH POC This Week

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2021-47964 HIGH POC This Week

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Code Injection RCE
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2021-47959 HIGH POC This Week

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service WordPress
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-2652 HIGH POC PATCH GHSA This Week

Authentication bypass in MLflow 3.9.0 and earlier allows unauthenticated remote attackers to access protected Job API and OpenTelemetry trace ingestion endpoints when the server runs with basic-auth enabled via uvicorn/ASGI. Attackers can submit jobs, read results, cancel operations, and inject trace data without credentials. The FastAPI permission middleware incorrectly enforced authentication only on /gateway/ routes, leaving /ajax-api/3.0/jobs/* and /v1/traces unprotected due to architectural mismatch between Flask and FastAPI authentication mechanisms. Fixed in version 3.10.0 with GitHub commit bb62e77 adding proper validators for all FastAPI routes.

Authentication Bypass Python
NVD GitHub
CVSS 3.0
8.6
EPSS
0.1%
CVE-2026-6228 HIGH This Week

Privilege escalation in Frontend Admin by DynamiApps plugin allows authenticated attackers with editor-level access to elevate privileges to administrator. The vulnerability exists due to insufficient authorization checks when configuring user role options in edit_user forms combined with overly permissive capabilities on the admin_form post type. Attackers can bypass UI restrictions by directly manipulating POST data to include 'administrator' in role_options, then use the crafted form to assign themselves administrator privileges. CVSS 8.8 reflects network-accessible, low-complexity exploitation requiring only low privileges (editor account). No public exploit code identified at time of analysis, though the attack chain is straightforward for authenticated users. EPSS data not provided, but the technical barrier is minimal once editor access is obtained.

Privilege Escalation PHP WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-45578 HIGH GHSA This Week

Remote code execution in AVideo streaming platform allows authenticated users with streaming privileges to execute arbitrary OS commands through shell metacharacter injection in the Live plugin. The vulnerability exists in the on_publish.php webhook endpoint which builds shell commands using unsafe string concatenation instead of proper escaping, allowing attackers to inject commands via specially crafted stream keys containing single quotes. While the CVSS indicates low privileges required (authenticated users with canStream permission), the impact is severe as it grants full web server user access.

Command Injection Apache Nginx RCE PHP
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43490 HIGH PATCH This Week

Out-of-bounds read and buffer overflow in the Linux kernel's ksmbd SMB server allows authenticated remote attackers to corrupt memory or read past allocated buffers by sending a malformed inheritable ACE with an inflated num_subauth value. The flaw resides in smb_inherit_dacl() and smb_set_ace(), where the variable-length SID is not bounds-checked during DACL inheritance, enabling heap corruption with potential for remote code execution against any SMB server using ksmbd. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the vendor patch is available across multiple stable branches.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-31317 HIGH This Week

Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in. Rated high severity (CVSS 8.8). No vendor patch available.

Buffer Overflow Amd RCE
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2024-36323 HIGH This Week

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Radeon Rx 7000 Series Graphics Products Amd Radeon Pro W7000 Series Graphics Products Amd Instinct Mi308X Amd Instinct Mi325X +2
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-45717 HIGH PATCH GHSA This Week

Budibase servers before version 3.38.1 allow any authenticated application user to modify datasource connection parameters through the REST API endpoint PUT /api/datasources/:datasourceId, which requires only basic TABLE/READ permissions instead of builder-level access. This authorization bypass enables attackers with minimal BASIC role privileges to redirect PostgreSQL, MySQL, MongoDB, or REST datasources to arbitrary hosts and ports, creating server-side request forgery (SSRF) conditions that bypass existing HTTP-layer protections for SQL driver connections. The vulnerability has been assigned CVSS 8.8 (High) and is fixed in Budibase 3.38.1.

Authentication Bypass PostgreSQL Privilege Escalation SSRF Command Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8695 HIGH PATCH This Week

Remote attackers can trigger memory corruption in radare2 6.1.5 through its GDB remote debugging interface, causing denial of service or potentially achieving code execution. The use-after-free vulnerability in gdbr_threads_list() occurs when processing a valid qfThreadInfo response followed by a malformed qsThreadInfo response, leading to improper memory management. VulnCheck reported this issue and vendor patch commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c addresses the vulnerability.

Denial Of Service RCE Buffer Overflow Memory Corruption Use After Free +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-8696 HIGH This Week

Memory corruption in radare2 6.1.5's GDB client allows remote attackers to crash the application or potentially execute code through malformed thread information responses. The vulnerability triggers when the GDB remote protocol's qsThreadInfo command fails after qfThreadInfo has allocated memory, causing a use-after-free condition. While no public exploits have been identified, the CVSS 8.7 score reflects the potential for remote unauthenticated denial of service impact.

Denial Of Service RCE Buffer Overflow Memory Corruption Use After Free +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-46366 HIGH PATCH GHSA This Week

{id}.html endpoint, leaking titles, internal IDs, languages, and category bindings via 301 redirect Location headers. The flaw stems from a missing permission filter in the getIdFromSolutionId() method, and a publicly available exploit code path is documented in the GitHub Security Advisory (GHSA-99qv-g4x9-mgc3) with SSVC marking exploitation as PoC and automatable. EPSS is low (0.06%, 19th percentile) and the issue is not in CISA KEV, indicating no confirmed active exploitation despite the high CVSS 4.0 score of 8.7.

Authentication Bypass Canonical Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-41147 HIGH PATCH GHSA This Week

Stored Cross-Site Scripting (XSS) in NukeViet CMS versions up to 4.5.07 allows unauthenticated attackers to inject malicious HTML/JavaScript through any module using the Request class for HTML input. The vulnerability stems from insufficient server-side sanitization that relies on client-side filtering, which attackers can bypass using proxy tools like Burp Suite. While not currently listed in CISA KEV and lacking public exploit code, the issue poses significant risk as it requires no authentication and affects administrative users viewing user-submitted content.

XSS PHP
NVD GitHub
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-8654 HIGH PATCH This Week

Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.

Command Injection Ibm Db2 Connector Mangodb Connector Postgresql Connector Mysql Connector +9
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-8686 HIGH PATCH This Week

Denial of service vulnerability in coreMQTT versions before 5.0.1 allows remote MQTT brokers to crash client applications through malformed MQTT v5.0 property packets. The vulnerability stems from missing bounds validation in the property parser, enabling out-of-bounds read conditions (CWE-125). Amazon Web Services has issued a security bulletin and released version 5.0.1 to address this issue.

Buffer Overflow Information Disclosure Denial Of Service Coremqtt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-45800 HIGH PATCH This Week

SQL injection in Vvveb CMS versions before 1.0.8.3 allows authenticated frontend users to execute arbitrary SQL queries through the order history page. The vulnerability exists in the /user/orders endpoint where order_by and direction parameters are directly concatenated into SQL queries without sanitization, enabling database compromise with low-privileged user credentials. The vendor has released version 1.0.8.3 to address this issue.

SQLi Vvveb
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44088 HIGH PATCH This Week

Remote code execution in SzafirHost before 1.2.1 allows unauthenticated attackers to bypass JAR signature verification through a ZIP file smuggling technique. The vulnerability exploits a discrepancy between verification logic (JarInputStream reading from file beginning) and class loading (JarFile/URLClassLoader reading Central Directory from file end), enabling attackers to combine a legitimately signed JAR with malicious classes. CERT-PL confirmed this vulnerability, and the vendor released patch version 1.2.1. EPSS data not available, not listed in CISA KEV, requiring user interaction (UI:A) for exploitation.

RCE File Upload Szafirhost
NVD VulDB
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-46491 HIGH PATCH GHSA This Week

Path traversal in SimpleSAMLphp's CAS server module allows unauthenticated remote attackers to read and deserialize arbitrary files outside the ticket directory via crafted ticket parameters. When using FileSystemTicketStore, attackers can inject '../' sequences into CAS validation endpoints to escape the configured directory, potentially deleting files that contain serialized PHP data compatible with array types. The vulnerability has a CVSS score of 8.6 with no public exploits identified at time of analysis.

Path Traversal PHP Deserialization
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-21962 HIGH This Week

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amd RCE
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-54517 HIGH This Week

Buffer overflow in AMD GPU driver IOCTL handler enables local privilege escalation to root on Linux systems running AMD Instinct or Radeon Pro GPUs. Authenticated local users with low privileges can exploit an out-of-bounds write vulnerability in the AMDGV_CMD_GET_DIAG_DATA IOCTL to achieve arbitrary kernel code execution. EPSS data not available; no public exploit or CISA KEV listing identified at time of analysis, suggesting limited active exploitation despite high CVSS 8.5 severity.

Amd Memory Corruption Buffer Overflow RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-28761 HIGH This Week

Cross-site request forgery in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier enables remote attackers to execute unauthorized operations through victim's authenticated session via malicious web pages. Successful exploitation achieves high confidentiality and integrity impact without requiring attacker authentication. Reported by JPCERT to JVN, indicating likely targeting of Japanese enterprise deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Information Disclosure CSRF Musetheque V4 Information Disclosure For Ipknowledge
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-7373 HIGH This Week

Local privilege escalation in Rapid7 Metasploit Pro allows unprivileged Windows users to achieve SYSTEM-level execution via OpenSSL configuration file hijacking. The metasploitPostgreSQL service loads openssl.cnf from a non-existent directory writable by standard users, enabling arbitrary command execution with SYSTEM privileges. Rated CVSS 8.5 (High) with proof-of-concept exploitation status (E:P). EPSS data not yet available. Not currently listed in CISA KEV catalog, suggesting vendor-disclosed rather than observed in-the-wild exploitation at time of analysis.

Privilege Escalation Microsoft PostgreSQL OpenSSL
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-52540 HIGH This Week

Out-of-bounds write in the AMD Platform Management Framework (PMF) Driver enables local authenticated users to escalate privileges on AMD Ryzen 6000/7000/8000 series processors. The vulnerability stems from improper input validation (CWE-787) allowing memory corruption beyond allocated buffer boundaries. Exploitation requires low-privilege local access with low attack complexity (CVSS 4.0: AV:L/AC:L/PR:L), making this a realistic post-compromise escalation vector. AMD released chipset driver version 7.06.02.123 addressing all affected Ryzen series. No public exploit or active exploitation confirmed at time of analysis.

Privilege Escalation Amd Memory Corruption Buffer Overflow
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-48519 HIGH This Week

Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability.

Privilege Escalation Amd Memory Corruption Buffer Overflow
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-0432 HIGH This Week

Insecure installation directory permissions in AMD chipset driver allow local authenticated attackers to achieve SYSTEM-level privilege escalation and execute arbitrary code. The vulnerability affects nearly all AMD Ryzen, Threadripper, EPYC, and Athlon processors across desktop, mobile, embedded, and server product lines. AMD has released patched chipset driver versions 8.01.20.513 (consumer/workstation) and 8.03.14.329/8.03.16.641 (server). No active exploitation confirmed at time of analysis, but the local vector and low attack complexity make this exploitable by any authenticated Windows user, including standard users without admin rights.

Privilege Escalation Amd RCE
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-29936 HIGH This Week

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to unmap arbitrary memory pages, potentially executing code with elevated privileges or triggering system crashes. Affects modern AMD Ryzen mobile processors across multiple generations (6000/7000/8000/AI 300 series, embedded variants). The vulnerability enables both horizontal escalation (confidentiality compromise via changed scope in CVSS 4.0) and vertical impact (integrity/availability degradation). No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity makes this exploitable by malware or malicious insiders once system access is obtained. EPSS data not available for risk calibration.

Privilege Escalation Amd
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-46508 HIGH PATCH This Week

Command injection in the Turborepo LSP VS Code extension before version 2.9.14000 allows arbitrary code execution when opening malicious workspaces. The vulnerability stems from unsafe string interpolation in shell commands, enabling attackers to inject commands through workspace settings or task names that execute with the user's VS Code process privileges. The CVSS 4.0 score of 8.4 indicates high severity with local access and user interaction required.

Command Injection Turborepo Vercel
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-45038 HIGH PATCH This Week

Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when dragging and dropping files containing control characters in their paths. The terminal fails to properly escape control sequences, allowing attackers to execute arbitrary commands through crafted filenames when a user drags a malicious file into the terminal window.

RCE Tabby
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-29935 HIGH This Week

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to execute arbitrary code with elevated system privileges through an out-of-bounds write vulnerability. Affects multiple AMD Ryzen processor series (6000, 7035, 7040, 8040, and Embedded R8000) across mobile and embedded platforms. The CVSS 4.0 score of 8.4 reflects high impact to system integrity and availability with changed scope, indicating the attacker can escape the vulnerable component's security context. No active exploitation confirmed in CISA KEV at time of analysis, and public exploit code availability is not indicated in current intelligence.

Amd Memory Corruption Buffer Overflow RCE
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-41964 HIGH This Week

Race condition in HarmonyOS web component enables local privilege escalation to full system compromise without authentication. The TOCTOU flaw (CWE-362) allows local attackers to achieve high confidentiality, integrity, and availability impact through unauthorized permission escalation. Huawei has released patches via May 2026 security bulletins for both mobile and laptop devices. EPSS data not yet available for this 2026 CVE; no confirmed active exploitation or public POC identified at time of analysis.

Race Condition Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-0028 HIGH This Week

Local attackers with low-privilege credentials can exploit unchecked return value handling in AMD Platform Management Framework (PMF) to read or write arbitrary memory addresses across multiple AMD Ryzen processor families (6000, 7000, 8000 series). This CWE-252 flaw enables privilege escalation to kernel level, compromising system confidentiality and availability with high impact across both virtualized and physical contexts. AMD has released security bulletin AMD-SB-4015 addressing the vulnerability. No CISA KEV listing or public exploit code has been identified at time of analysis, but the low attack complexity (AC:L) and local privilege requirement (PR:L) suggest exploitation is technically straightforward for attackers with initial system access.

Amd Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-46367 HIGH PATCH GHSA This Week

Stored cross-site scripting in phpMyFAQ 4.1.1 lets any authenticated user with a registered account persist JavaScript inside FAQ or News comments by submitting a URL containing an unescaped double quote, which Utils::parseUrl() injects unescaped into an href attribute. Payloads execute for every visitor - including admins viewing the comments panel - enabling session cookie theft and full application takeover. Publicly available exploit code exists in the GHSA advisory, though EPSS is only 0.01% and SSVC categorizes exploitation as POC rather than active.

XSS Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-34253 HIGH PATCH This Week

Buffer underflow in vorbis-tools 1.4.3's ogg123 utility allows remote attackers to crash the application or potentially execute code through malformed remote control input. The vulnerability achieves an EPSS score indicating moderate exploitation likelihood, with proof-of-concept code available according to SSVC assessment, though it has not been added to CISA's KEV catalog indicating no confirmed active exploitation.

RCE
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-22810 HIGH PATCH GHSA This Week

Path traversal vulnerability in Joplin's OneNote importer (versions 3.2.2 through 3.5.6) allows local attackers with authenticated access to overwrite arbitrary files on disk by importing malicious .one files containing directory traversal sequences in embedded file names. The vulnerability can lead to remote code execution by overwriting system files like .bashrc. Publicly available exploit code exists, with vendor-released patch available in version 3.5.7.

Path Traversal RCE
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-46361 HIGH PATCH This Week

Stored cross-site scripting in phpMyFAQ before 4.1.2 lets FAQ editors persist HTML-entity-encoded JavaScript that survives sanitization and executes in every visitor's browser, including administrators. The flaw stems from Twig's `| raw` filter being applied to `result.question` and `result.answerPreview` in `search.twig`, combined with a `html_entity_decode(strip_tags())` round-trip in SearchController.php that resurrects encoded tags. Publicly available exploit code exists (POC per SSVC), though EPSS is 0.01% and the issue is not on the CISA KEV list.

XSS PHP
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-45062 HIGH PATCH GHSA This Week

Path traversal vulnerability in FrankenPHP allows remote code execution through Unicode handling flaws in CGI path splitting. The splitPos() function in cgi.go incorrectly processes non-ASCII bytes in request paths, allowing attackers to trick FrankenPHP into executing arbitrary non-.php files as PHP scripts by crafting URLs with Unicode lookalike characters or specific non-ASCII byte sequences. Successfully exploited in environments where attackers can upload or control file content, leading to remote code execution with CVSS 8.1 (High).

RCE Docker PHP
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-35194 HIGH PATCH GHSA This Week

Code injection in Apache Flink's SQL engine allows authenticated users to execute arbitrary code on TaskManagers through malicious SQL queries. The vulnerability affects JSON functions in versions 1.15.0+ and LIKE expressions with ESCAPE clauses in versions 1.17.0+, where user-controlled strings are interpolated into generated Java code without proper escaping. Apache has released patches in versions 1.20.4, 2.0.2, 2.1.2 and 2.2.1.

Java RCE Apache Code Injection
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4094 HIGH This Week

Authenticated attackers with Contributor-level access can delete entire multi-currency configurations in FOX Currency Switcher Professional for WooCommerce by visiting any wp-admin page with a specific parameter, and the lack of nonce verification allows CSRF-based exploitation against administrators. Confirmed actively exploited (CISA KEV). CVSS 8.1 reflects high integrity and availability impact, with EPSS data unavailable. WordPress plugin affects versions ≤1.4.5, with patch released in version 1.4.6 per Wordfence advisory. The dual attack vectors (direct authenticated abuse and CSRF) significantly increase real-world risk for WooCommerce installations using this currency management plugin.

Authentication Bypass CSRF WordPress
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-46407 HIGH PATCH This Week

Authenticated administrators in Vvveb CMS versions before 1.0.8.3 can access REST API tokens of other administrators through the admin/auth-token endpoint by manipulating the admin_id parameter. This authorization bypass allows lateral privilege escalation between admin accounts, potentially compromising all administrative API operations. The vulnerability requires low-privileged authenticated access and has been patched in version 1.0.8.3.

Authentication Bypass Vvveb
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45574 HIGH PATCH GHSA This Week

Missing TLS certificate validation in epa4all-client allows adjacent network attackers to intercept SOAP traffic between ePA services and Konnektor systems. The vulnerability affects versions prior to 1.2.2 and enables man-in-the-middle attacks using self-signed, expired, or otherwise invalid certificates to access patient identifiers (KVNR), SMC-B card operations, document content, and credential exchanges. No public exploit identified at time of analysis, with CVSS 8.1 indicating high impact on adjacent network segments.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-41702 HIGH PATCH This Week

Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered.

VMware Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46359 HIGH PATCH GHSA This Week

SQL injection in phpMyFAQ prior to 4.1.2 allows attackers authenticating through Azure AD/Entra ID OAuth to execute arbitrary database queries by embedding SQL metacharacters in their identity provider display name or JWT claims. The CurrentUser::setTokenData() method interpolates OAuth token fields into an UPDATE statement via sprintf without calling the database escape routine, while sibling methods in the same file correctly escape input. Publicly available exploit code exists per VulnCheck and the GHSA advisory, though EPSS is low (0.03%, 9th percentile) and the issue is not in CISA KEV.

Microsoft SQLi
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-44692 HIGH PATCH GHSA This Week

Authenticated users in Sharp (a Laravel admin framework) can bypass authorization to download arbitrary files from any configured Laravel Storage disk through the generic download endpoint. The vulnerability allows authenticated users with view access to any single Sharp entity to download unrelated files including backups, invoices, internal documents, and tenant-specific data by manipulating the disk and path parameters. Sharp v9.22.0 fixes this by implementing signed URLs that prevent parameter tampering.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-45715 HIGH PATCH GHSA This Week

Budibase's REST datasource integration before version 3.38.1 bypasses IP blacklist security controls through HTTP redirect following. Authenticated Builder-level users can exploit this to access cloud metadata services and internal databases by redirecting requests through attacker-controlled servers, potentially stealing AWS/GCP/Azure credentials. This vulnerability class was previously fixed in automation steps but the REST integration was overlooked, creating an inconsistent security posture.

Redis Python SSRF Microsoft
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-45548 HIGH PATCH GHSA This Week

Server-Side Request Forgery (SSRF) in Budibase's AI Extract File automation step allows authenticated users with builder permissions to bypass IP blacklist protections and access internal resources. The vulnerability exists because the processUrlFile function uses fetch() directly without the fetchWithBlacklist() validation that protects all other automation steps, enabling attacks on cloud metadata endpoints (169.254.169.254), internal APIs, and private networks. Fixed in version 3.34.8.

SSRF Microsoft
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-46408 HIGH PATCH This Week

Vvveb CMS versions before 1.0.8.3 allow authenticated users to hijack other users' shopping carts during checkout. The checkout endpoint fails to verify cart ownership when processing a user-supplied cart_id parameter, enabling attackers to access and potentially complete purchases using another user's cart contents. This vulnerability has been patched in version 1.0.8.3.

Authentication Bypass Vvveb
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39054 HIGH This Week

Command injection in Oinone Pamirs 7.0.0 allows remote unauthenticated attackers to execute arbitrary OS commands through the CommandHelper.executeCommands method. The vulnerability stems from unsanitized command strings being passed directly to a shell process's standard input. With an EPSS score indicating moderate exploitation likelihood and SSVC assessment showing automatable attacks with total technical impact, this represents a significant risk despite no current KEV listing or confirmed active exploitation.

Command Injection
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.3%
CVE-2026-6403 HIGH This Week

Remote unauthenticated attackers can exploit a path traversal vulnerability in Quick Playground plugin for WordPress (versions ≤1.3.3) to exfiltrate sensitive server files including wp-config.php credentials. The flaw in the qckply_zip_theme() function allows arbitrary filesystem traversal via an unsanitized 'stylesheet' parameter, triggering creation of downloadable ZIP archives containing any server-accessible files. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicating trivial remote exploitation requiring no authentication, this represents an immediate confidentiality risk for all sites running affected versions, though no CISA KEV listing or public exploit code has been identified at time of analysis.

WordPress Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy