Skip to main content
CVE-2026-46372 HIGH POC PATCH GHSA This Week

Server-side request forgery in SillyTavern 1.17.0 allows authenticated low-privilege users to coerce the server into making arbitrary HTTP requests against internal or loopback addresses via the /api/search/searxng endpoint's unvalidated baseUrl parameter, returning response bodies to the attacker. The flaw was addressed in 1.18.0, which introduced an opt-in Private Request Whitelisting filter (disabled by default). Publicly available exploit code exists in the GitHub Security Advisory GHSA-qg89-qwwh-5f3j, but no public exploit identified at time of analysis as actively exploited.

CSRF SSRF
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
2.6%
CVE-2026-43634 HIGH POC PATCH This Week

Authentication security bypass in HestiaCP 1.2.0 through 1.9.4 allows unauthenticated remote attackers to spoof their source IP address by injecting an arbitrary value into the CF-Connecting-IP HTTP header, which the panel trusts unconditionally without verifying the request originated from Cloudflare's network. This enables attackers to defeat fail2ban brute-force throttling, evade per-user IP allowlists, and poison authentication audit logs. Publicly available exploit code exists and a vendor patch is available.

Authentication Bypass Hestiacp
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-41470 HIGH POC PATCH This Week

Authorization bypass in LIVE555 RTSP server (versions before 2026.04.22) allows remote unauthenticated attackers to hijack active streaming sessions by replaying valid Session tokens over a separate TCP connection. By issuing PLAY or TEARDOWN commands with a captured token, attackers can crash the server via virtual function call errors or terminate legitimate viewers' streams. Publicly available exploit code exists, and a vendor patch has been released; no public exploit identified as actively exploited in CISA KEV at time of analysis.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-15609 HIGH POC PATCH This Week

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

WordPress Information Disclosure
NVD WPScan VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8603 HIGH CISA Act Now

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

Command Injection Scadabr
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2026-8602 HIGH CISA Act Now

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings.

Authentication Bypass Scadabr
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-8604 HIGH CISA Act Now

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.

CSRF Scadabr
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-27648 HIGH This Week

Arbitrary code execution in OpenHarmony v6.0 and earlier enables remote attackers with low privileges to execute code within pre-installed apps via an out-of-bounds write (CWE-787). The CVSS 8.8 vector reflects network-reachable exploitation with low complexity and no user interaction once minimal privileges are obtained, yielding high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-8975 HIGH PATCH This Week

Memory corruption in Mozilla Firefox 150 and Firefox ESR (115.35, 140.10) allows remote attackers to potentially execute arbitrary code when a user visits a crafted web page. The flaws stem from memory safety bugs reported by Mozilla developers, some showing evidence of exploitable memory corruption. No public exploit identified at time of analysis, and EPSS scoring (0.06%) suggests low near-term exploitation likelihood despite the high CVSS rating.

Mozilla Buffer Overflow RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-46417 HIGH PATCH GHSA This Week

Server-Side Request Forgery in @angular/platform-server allows remote unauthenticated attackers to hijack the SSR hostname by supplying an absolute-form URL to the rendering entry points, causing relative HttpClient calls and PlatformLocation references to be redirected to attacker-controlled domains. Affected versions span the 19.x, 20.x, 21.x, and 22.0.0-next branches, and exploitation can expose internal APIs or cloud metadata services. No public exploit identified at time of analysis, EPSS is very low at 0.05%, but the upstream fix and clear reproduction path raise the practical risk for exposed SSR deployments.

SSRF
NVD GitHub HeroDevs VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-8974 HIGH PATCH This Week

Memory corruption in Mozilla Firefox 150 and Firefox ESR 140.10 allows remote attackers to potentially execute arbitrary code when a victim visits a crafted web page. The flaw stems from multiple memory safety bugs reported by Mozilla developers, with some showing evidence of exploitable memory corruption; no public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 14th percentile). Mozilla has shipped fixes in Firefox 151 and Firefox ESR 140.11.

Mozilla Buffer Overflow RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8970 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox's Security component allows remote attackers to elevate privileges within the browser when a victim interacts with attacker-controlled content, affecting Firefox versions prior to 151 and Firefox ESR prior to 140.11. With CVSS 8.8 (high) and user interaction required, exploitation is plausible via malicious web content, though EPSS sits at just 0.04% (12th percentile) and no public exploit identified at time of analysis. SSVC rates exploitation as 'none' but flags the issue as automatable with partial technical impact, suggesting concerning scalability if a working exploit emerges.

Mozilla Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8973 HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox 150 could enable remote code execution when a user visits a maliciously crafted web page, with Mozilla acknowledging that some of the bugs showed evidence of memory corruption potentially exploitable for arbitrary code execution. The issue is resolved in Firefox 151 per Mozilla advisory MFSA2026-46/MFSA2026-50. No public exploit identified at time of analysis and EPSS remains low (0.04%), but SSVC rates technical impact as total and automatable.

Mozilla Buffer Overflow RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32740 HIGH PATCH This Week

Heap buffer overflow write in libheif (versions ≤ 1.21.2) lets a crafted HEIF/AVIF file write 64 bytes of attacker-controlled data past a chroma-plane heap allocation during grid tile compositing. Any application using libheif to decode untrusted images - image viewers, file managers, browsers, mobile OS thumbnailers - is exposed, with CVSS 8.8 reflecting likely code execution after user-triggered file open. No public exploit identified at time of analysis, but the deterministic 64-byte fully-controlled overflow is highly favorable for exploitation.

Memory Corruption Buffer Overflow Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-45805 HIGH PATCH GHSA This Week

Unauthenticated remote code execution in Penpot MCP module's ReplServer (npm @penpot/mcp < 2.15.0) allows anyone on the adjacent network to POST arbitrary JavaScript to a `/execute` endpoint and have it executed by the Node.js process. The flaw stems from Express defaulting the listen() bind address to 0.0.0.0 instead of localhost, combined with a complete absence of authentication on the REPL endpoint. No public exploit identified at time of analysis beyond the reporter's working PoC included in the GHSA advisory.

RCE Docker
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8957 HIGH PATCH This Week

Privilege escalation in the Enterprise Policies component of Mozilla Firefox affects versions prior to Firefox 151 and Firefox ESR 140.11, allowing remote attackers who can convince a user to interact with crafted content to elevate privileges within the browser. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.03% (9th percentile). The vulnerability requires user interaction per the CVSS vector, which somewhat constrains real-world weaponization despite the high 8.8 CVSS score.

Mozilla Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8955 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox's DOM Workers component allows remote attackers to elevate privileges within the browser when a victim interacts with a malicious web page. Affects Firefox versions prior to 151 and Firefox ESR prior to 140.11, with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis, and EPSS rates exploitation probability at only 0.03% (9th percentile).

Mozilla Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-46586 HIGH PATCH This Week

Authenticated code injection in Apache OFBiz versions prior to 24.09.06 allows remote attackers with low-privileged accounts to execute arbitrary code via improperly neutralized directives in dynamically evaluated expressions. The flaw combines CWE-94 code injection with eval injection, yielding full confidentiality, integrity, and availability impact (CVSS 8.8). No public exploit identified at time of analysis, and EPSS rates near-term exploitation at 0.03% (8th percentile), but SSVC flags the issue as automatable, raising the risk of scripted abuse once a POC emerges.

Apache Code Injection RCE Apache Ofbiz
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8972 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox's WebRTC Audio/Video component allows remote attackers to elevate privileges within the browser context when a user is lured into interacting with a malicious page. The flaw carries a CVSS 8.8 with required user interaction and was addressed in Firefox 151; no public exploit identified at time of analysis and EPSS exploitation probability sits at 0.03% (8th percentile).

Mozilla Privilege Escalation Suse Red Hat
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8952 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox via the Application Update component allows remote attackers to gain elevated privileges when a user interacts with malicious content, fixed in Firefox 151. The flaw carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R) and is categorized under CWE-269 (Improper Privilege Management). There is no public exploit identified at time of analysis, and EPSS estimates only a 0.03% probability of exploitation in the next 30 days.

Mozilla Privilege Escalation Suse Red Hat
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31069 HIGH GHSA This Week

SQL injection in BillaBear (all versions prior to January 2026) allows authenticated users holding the ROLE_ACCOUNT_MANAGER role to execute arbitrary SQL commands via the EventRepository component. The flaw stems from unsanitized filter identifier keys being concatenated into queries through sprintf(), and while no public exploit identified at time of analysis is listed in KEV, two CVE-referenced gists suggest detailed technical write-ups are publicly available. EPSS is very low (0.01%), but the high CVSS of 8.8 and clear exploitation path make this a meaningful risk for any deployed instance.

SQLi N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-36828 HIGH This Week

A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-46511 HIGH PATCH GHSA This Week

Cross-tenant account takeover in HAXcms (npm package @haxtheweb/haxcms-nodejs <= 25.0.0) allows an authenticated attacker with edit access to chain a stored XSS flaw with token leakage in the /system/api/connectionSettings endpoint to hijack other tenants' sessions. The endpoint exposes the victim's JWT, user_token, site_token, and appstore_token via the window.appSettings global, letting injected JavaScript silently exfiltrate them to an attacker-controlled webhook and fully impersonate the victim. A detailed reporter-supplied PoC exists in the GitHub Security Advisory, though there is no public exploit identified at time of analysis as a packaged weapon and no CISA KEV entry.

PHP XSS
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-47356 HIGH This Week

Server-Side Request Forgery in Terrascan up to v1.18.3 lets unauthenticated remote attackers coerce the scanner's HTTP client to POST full IaC scan results - along with an attacker-chosen Bearer token in the Authorization header - to any URL supplied via the webhook_url multipart parameter. Because Terrascan was archived by Tenable in August 2023, no vendor patch will be released, leaving every existing server-mode deployment permanently exposed. No public exploit identified at time of analysis and the CVE is not on CISA KEV, but the trivial exploit primitive (a single multipart POST) makes weaponization straightforward.

SSRF Terrascan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42096 HIGH This Week

Broken access control in Sparx Systems Pro Cloud Server 6.1 (build 167) and earlier allows authenticated low-privileged users to execute arbitrary SQL queries against the backend database with the database user's privileges. The flaw stems from missing permission checks in the database communication layer, effectively granting any logged-in user the ability to read or modify any data the service account can access. No public exploit identified at time of analysis, but technical write-ups have been published by CERT-PL and independent researchers.

Authentication Bypass Pro Cloud Server
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34241 HIGH PATCH This Week

Stored cross-site scripting in CtrlPanel (versions ≤1.1.1) allows a low-privileged ticket participant to inject arbitrary JavaScript into reply notifications that execute in the recipient's browser when rendered via Blade's unescaped `{!! !!}` directive. Because notifications flow bidirectionally between users and admins, a regular user can hijack an admin session - yielding privilege escalation across a scope-changed (S:C) trust boundary - and a malicious admin can pivot back to target users. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the attack path is straightforward given an authenticated low-privileged account and an admin reading the ticket queue.

XSS Panel
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-46391 HIGH PATCH GHSA This Week

Credential theft via SSRF in HAX open-apis (npm @haxtheweb/open-apis) before version 26.0.0 allows remote unauthenticated attackers to capture HTTP Basic authentication intended for hard-coded trusted domains. The flaw stems from substring-only hostname validation in cacheAddress.js, JOSHelpers.js, and elmslnToSite.js, which lets an attacker craft a URL containing the trusted substring but pointing to attacker infrastructure. A proof-of-concept exists and the maintainer confirmed the leaked credentials grant access to unreleased LMS content on downstream systems, though no public exploitation has been observed.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-27173 HIGH PATCH GHSA This Week

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.

Kubernetes Information Disclosure Apache Airflow Cncf Kubernetes Provider
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-6009 HIGH PATCH GHSA This Week

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

Deserialization RCE Java
NVD VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-47100 HIGH PATCH This Week

Stored cross-site scripting via missing authorization in Funnel Builder for WooCommerce Checkout (FunnelKit) plugin versions prior to 3.15.0.3 allows remote unauthenticated attackers to write arbitrary content to the plugin's External Scripts global setting through an exposed public AJAX endpoint. Injected JavaScript executes in the browser of every visitor to the WooCommerce checkout page, enabling credit card skimming, session theft, and credential harvesting. Publicly available exploit code exists and Sansec research indicates the flaw is being exploited in the wild against live e-commerce sites.

WordPress Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42098 HIGH This Week

Privilege escalation in Sparx Enterprise Architect 17.1 and earlier allows an authenticated low-privilege user to impersonate any other user, including administrators, by tampering with the client-side application (e.g., via a debugger). Because role-based access enforcement happens in the client rather than on the server (CWE-603), an attacker who has any valid login can gain full repository control. No public exploit identified at time of analysis, although technical write-ups are referenced.

Information Disclosure Enterprise Architect
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-8958 HIGH PATCH This Week

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.

Information Disclosure Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-47107 HIGH PATCH This Week

Cross-tenant DNS and TLS poisoning in Windmill versions prior to 1.703.2 allows authenticated low-privilege users to write to /etc/hosts, /etc/resolv.conf, and the system CA bundle from inside nsjail script sandboxes, persisting tampered state across every subsequent job on the same worker pod. Because poisoned entries survive between executions, attackers can hijack hostname resolution, perform transparent HTTPS man-in-the-middle, and steal WM_TOKEN JWTs to escalate to workspace-admin in other tenants. Publicly available exploit code exists per SSVC (poc), and CVSS 4.0 rates this 8.6 with high confidentiality and integrity impact.

Privilege Escalation Windmill
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-8370 HIGH PATCH This Week

Local privilege escalation in Broadcom Automic Automation Agent versions prior to 24.4.4 HF1 allows authenticated low-privileged users on Unix-family systems (Linux x64, Linux Power 64 BE/LE, zLinux, AIX, Solaris x64, Solaris Sparc 64) to abuse the agent's elevated privileges and target programs running with higher rights. The CVSS 4.0 score of 8.5 reflects high confidentiality, integrity, and availability impact achievable from a local foothold, with no public exploit identified at time of analysis.

Broadcom Privilege Escalation
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-25781 HIGH This Week

Out-of-bounds write in OpenHarmony v6.0 and earlier enables a local low-privileged attacker to corrupt memory and trigger an unrecoverable denial-of-service condition on affected devices. The flaw was disclosed by the OpenHarmony project itself, and no public exploit identified at time of analysis. Although CVSS scores it 8.4 (High) due to scope change and high confidentiality/integrity impact, the vector indicates local-only access with low privileges already required.

Memory Corruption Buffer Overflow Openharmony
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-5804 HIGH PATCH This Week

Authentication bypass in the Motorola Factory Test component (com.motorola.motocit) on Motorola phones lets a co-resident Android app abuse an exposed writable file descriptor in external storage to stand up a TCP server, harvest protected settings, and act with the factory-test app's elevated permissions. The flaw is locally exploitable by any installed third-party app with low privileges and carries CVSS 4.0 score 8.4 with high confidentiality and integrity impact. No public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Phones
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-45576 HIGH PATCH GHSA This Week

Directory traversal in openziti zrok's drive sync pipeline allows a malicious WebDAV/zrok share operator to write files outside the victim's chosen destination when the victim runs 'zrok2 copy'. Because the sync code trusts the server-supplied DAV 'href' (e.g. '/../outside.txt') and joins it to the local target root before calling FilesystemTarget.WriteStream, a hostile share can overwrite sensitive files anywhere the copying user's credentials permit. No public exploit identified at time of analysis and EPSS is low (0.06%), but the vendor has shipped a fix (v2.0.3) and the root cause is confirmed in the commit diff.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.1%
CVE-2026-8726 HIGH PATCH GHSA This Week

SQL injection in the TYPO3 'news' extension allows unauthenticated remote attackers to inject arbitrary SQL through a URL parameter on pages that render the 'Date Menu of news articles' plugin. The flaw stems from missing sanitization of user input before it reaches a database query, and exposure is limited to sites that both use the affected plugin and have not enabled the TypoScript/plugin setting disableOverrideDemand. No public exploit identified at time of analysis.

SQLi Extension News System
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-8827 HIGH PATCH GHSA This Week

SQL injection in the TYPO3 'address_list' extension's AddressRepository::getSqlQuery() method allows remote attackers to manipulate database queries when the method is called with untrusted input. The flaw is latent - the vulnerable method is not invoked anywhere within the extension itself, so default installations are not exposed, but custom or third-party extensions that reuse this method become injection sinks. No public exploit identified at time of analysis, and no EPSS or KEV signal accompanies the advisory.

SQLi Extension Address List
NVD
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-46415 HIGH PATCH GHSA This Week

IP allowlist/blocklist bypass in Caddy Defender versions prior to 0.10.1 lets attackers from blocked IP ranges evade filtering when Caddy sits behind a trusted proxy, CDN, or load balancer. The module evaluated requests against r.RemoteAddr (the proxy's IP) instead of Caddy's resolved client_ip variable, so any source whose true IP should have been blocked could reach protected backends. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-24792 HIGH This Week

Remote code execution in OpenHarmony v6.0 and prior versions allows authenticated remote attackers to execute arbitrary code within pre-installed applications through a race condition flaw (CWE-364). The CVSS 8.1 score reflects high confidentiality and availability impact but no integrity impact, and no public exploit has been identified at time of analysis. The vulnerability requires low privileges but no user interaction, making it exploitable across OpenHarmony's distributed device ecosystem including smart devices, wearables, and IoT endpoints running the open-source operating system.

RCE Openharmony
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-8969 HIGH PATCH This Week

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151.

Mozilla Authentication Bypass Suse Red Hat
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-7504 HIGH PATCH GHSA This Week

Open redirect in Red Hat build of Keycloak permits remote attackers to send victims to attacker-controlled hosts by abusing a parser discrepancy between Keycloak and Java's URI implementation during redirect URL validation. The flaw applies only to clients configured with a wildcard ('*') in the 'Valid Redirect URIs' field and requires the victim to click a crafted link, with no public exploit identified at time of analysis.

Open Redirect Java Red Hat Build Of Keycloak
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34358 HIGH PATCH This Week

Privilege escalation in CtrlPanel hosting billing software (versions ≤1.1.1) allows any authenticated low-privilege user to invoke admin write endpoints because store()/update() controller methods omit the RBAC permission checks present on their corresponding form-display methods. Successful exploitation yields effective admin control over API credentials, coupons, vouchers, partner commissions, shop pricing, server ownership, and user accounts (including roles, credits, passwords, and Pterodactyl linkages). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-8962 HIGH PATCH This Week

Mitigation bypass in Mozilla Firefox's DOM: Security component allows remote attackers to circumvent built-in browser security protections when a user visits a maliciously crafted web page. The flaw affects Firefox versions prior to 151 and Firefox ESR prior to 140.11, with CVSS 8.1 reflecting high confidentiality and integrity impact contingent on user interaction. EPSS scoring is very low (0.02%, 5th percentile) and no public exploit identified at time of analysis, but the CWE-693 protection-mechanism-failure classification means defensive layers users rely on may not function as intended.

Mozilla Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47314 HIGH This Week

Out-of-bounds write in Samsung's Escargot lightweight JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) allows attackers to corrupt memory by inducing buffer overflows through crafted JavaScript. Exploitation requires local execution of attacker-supplied script content with user interaction, but successful triggering yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Memory Corruption Samsung Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47311 HIGH This Week

Heap-based buffer overflow in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) allows remote attackers to corrupt heap memory and likely achieve arbitrary code execution when a victim processes attacker-controlled JavaScript. No public exploit identified at time of analysis, but the upstream fix (PR #1565) reveals multiple memory-safety hardening changes including integer underflow protection in TypedArray.copyWithin, fast-mode array conversion checks during spread operations, and OOM handling, indicating concrete reachable corruption paths. CVSS 7.8 with local attack vector and required user interaction reflects the engine's typical embedding context (apps, IoT, smart TV runtimes) rather than network-facing services.

Samsung Buffer Overflow Heap Overflow
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47310 HIGH This Week

Use-after-free memory corruption in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) enables pointer manipulation when processing crafted JavaScript content, with CVSS 7.8 reflecting high-impact local exploitation requiring user interaction. The affected codepaths include evaluator error handling, TypedArray copyWithin operations on resizable buffers, DataView coercion, and array fast-mode transitions - all triggerable by attacker-controlled script. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Memory Corruption Samsung Denial Of Service Use After Free
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-42099 HIGH This Week

Remote code execution in Sparx Systems Pro Cloud Server (versions 0 through 6.1 build 167) is achievable by authenticated repository users via a race condition in the /data_api/dl_internal_artifact.php endpoint. An attacker who controls both the filename and contents of a downloaded artifact can briefly stage a malicious PHP file in the web root and execute it before cleanup, leading to full server compromise. No public exploit identified at time of analysis, but a detailed technical write-up published by CERT-PL and sploit.tech reduces the barrier to reproduction.

PHP Race Condition RCE
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-8813 HIGH PATCH GHSA This Week

Denial-of-service in ExifReader (npm package mattiasw/ExifReader) before 4.39.0 allows remote attackers to exhaust memory by submitting a crafted image whose ICC profile contains a malformed mluc tag. A specially crafted record count combined with a zero record size causes the parser to loop on the same record while continuously appending entries to an array, driving memory growth until the host process crashes. CVSS 4.0 base score is 7.7 with proof-of-concept exploit maturity (E:P), and publicly available exploit code exists via the referenced gist; no active in-the-wild exploitation is indicated.

Denial Of Service Exifreader
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy