Skip to main content
CVE-2026-41091 HIGH POC KEV PATCH THREAT NEWS Exploited Act Now

Local privilege escalation in Microsoft Defender (Malware Protection Engine) enables an authenticated low-privileged attacker to elevate to SYSTEM by abusing improper link resolution (CWE-59) before file access. The flaw scores CVSS 7.8 with high impact to confidentiality, integrity, and availability, and no public exploit is identified at time of analysis. Microsoft has released a patch via MSRC, and there is no current CISA KEV listing or EPSS signal indicating active mass exploitation.

Microsoft Information Disclosure
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
12.1%
Threat
4.9
CVE-2026-9082 MEDIUM POC KEV PATCH THREAT NEWS GHSA Act Now

SQL injection in Drupal Core across six major version branches (8.9.0 through 11.3.x) enables remote unauthenticated attackers to manipulate database queries with no required privileges or user interaction, as confirmed by CVSS vector AV:N/AC:L/PR:N/UI:N. The vulnerability yields partial confidentiality and integrity impact per CVSS - enabling data enumeration and limited data manipulation - but does not grant full database control or server compromise. No active exploitation is confirmed (not listed in CISA KEV; SSVC exploitation status: none), but SSVC flags this as automatable, making opportunistic mass scanning against the large global Drupal install base a credible near-term risk.

SQLi Drupal Core
NVD GitHub VulDB Exploit-DB
CVSS 3.1
6.5
EPSS
0.0%
Threat
4.3
CVE-2026-45498 MEDIUM POC KEV PATCH THREAT NEWS Exploited Act Now

Denial of service in Microsoft Defender Antimalware Platform allows a local, unprivileged attacker to partially degrade availability with low attack complexity and no user interaction required. The CVSS 4.0 score reflects limited impact - confidentiality and integrity are unaffected, and availability impact is rated Low. Vendor patch is available via Microsoft Security Response Center; no public exploit identified at time of analysis and no CISA KEV listing.

Microsoft Denial Of Service
NVD VulDB
CVSS 3.1
4.0
EPSS
2.3%
CVE-2026-24207 CRITICAL POC Act Now

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected functionality over the network, potentially chaining to code execution, privilege escalation, data tampering, denial of service, or information disclosure. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects a critical severity issue affecting an AI/ML inference platform commonly deployed in production model-serving environments. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Information Disclosure Authentication Bypass RCE Denial Of Service Nvidia
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-39352 HIGH POC PATCH This Week

Arbitrary file read in the Frappe full-stack web application framework allows remote unauthenticated attackers to retrieve files outside intended directories via path traversal sequences in affected versions prior to 15.105.0 and 16.15.0. The CVSS 4.0 base score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Successful exploitation discloses sensitive server-side files such as configuration secrets, site keys, or credentials used by downstream ERPNext deployments.

Path Traversal Frappe
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-8598 CRITICAL CISA Emergency

Information disclosure in ZKTeco SSC335-GC2063-Face-0B77 Solution Camera exposes credentials and service details through an undocumented configuration export port that requires no authentication. Remote unauthenticated attackers on the network can retrieve camera account credentials and enumerate open services, enabling full takeover of the device. No public exploit identified at time of analysis, but the CVSS 9.1 score and ICS-CERT advisory reflect significant operational risk to deployed surveillance infrastructure.

Information Disclosure Ssc335 Gc2063 Face 0B77 Solution Camera
NVD GitHub
CVSS 4.0
9.1
EPSS
0.1%
CVE-2026-5776 MEDIUM POC PATCH This Month

Stored XSS in the Email Encoder WordPress plugin (all versions before 2.4.7) permits unauthenticated remote attackers to inject persistent malicious scripts by supplying unsanitized email addresses through public-facing input fields. Because the CVSS scope is Changed (S:C), injected payloads execute in victim browsers rather than the server context, enabling session hijacking, credential theft, or malicious redirects against any visitor who loads an affected page. A publicly available proof-of-concept exists per WPScan reporting; no public exploit identified at time of analysis as actively exploited via CISA KEV.

WordPress XSS
NVD WPScan VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-20223 CRITICAL NEWS Act Now

Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit has been identified at time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions.

Authentication Bypass Cisco Cisco Secure Workload
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-45444 CRITICAL Act Now

Unrestricted file upload in WP Swings Gift Cards For WooCommerce Pro plugin (versions up to and including 4.2.6) allows remote unauthenticated attackers to upload malicious files of dangerous types to vulnerable WordPress sites. With a maximum CVSS score of 10.0 and a scope-changed vector, successful exploitation typically leads to remote code execution and full site compromise. No public exploit identified at time of analysis, though the high severity and ease of exploitation make this a priority concern for any WooCommerce site using this plugin.

File Upload WordPress
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-6555 CRITICAL Act Now

Unauthenticated remote code execution in the ProSolution WP Client WordPress plugin (versions ≤ 2.0.0) allows attackers to upload malicious PHP files to a web-accessible directory by abusing an array validation mismatch in its upload handler. Because only the first file in a multi-file upload array is checked for extension and MIME type while the remaining files are processed unchecked, attackers can pair a benign first file with a PHP webshell to achieve full code execution on the host. No public exploit identified at time of analysis, but the high CVSS 9.8 score and trivially scriptable nature place this in the realistic mass-exploitation tier for WordPress plugins.

File Upload PHP WordPress RCE Prosolution Wp Client
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-7637 CRITICAL Act Now

PHP Object Injection in the Boost plugin for WordPress (versions up to and including 2.0.3) allows unauthenticated remote attackers to inject arbitrary PHP objects via the STYXKEY-BOOST_USER_LOCATION cookie. The vulnerability stems from unsafe deserialization of attacker-controlled cookie data; while the plugin itself ships no usable POP (property-oriented programming) chain, exploitation becomes high-impact when any other installed plugin or theme provides one. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-7284 CRITICAL Act Now

Privilege escalation in the Easy Elements for Elementor WordPress plugin (versions up to and including 1.4.4) allows unauthenticated remote attackers to register accounts with the 'administrator' role, granting full site takeover. The flaw exists in the 'easyel_handle_register' function which fails to validate or restrict the user role parameter submitted during registration. No public exploit identified at time of analysis, but the trivial nature of the bug and Wordfence's disclosure make weaponization straightforward.

WordPress Privilege Escalation Elementor
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3593 CRITICAL PATCH Act Now

Memory corruption in ISC BIND 9's DNS-over-HTTPS (DoH) implementation lets remote attackers trigger a use-after-free (CWE-416) by interacting with the DoH endpoint, affecting BIND 9.20.0-9.20.22, 9.21.0-9.21.21, and the 9.20.9-S1-9.20.22-S1 subscription builds; the older 9.18.x branch is explicitly not affected. The vendor scores it CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), implying unauthenticated remote impact, though CISA's SSVC rates technical impact as only 'partial' and exploitation as 'none'. There is no public exploit identified at time of analysis and EPSS is very low (0.02%, 7th percentile), indicating no observed exploitation activity.

Memory Corruption Information Disclosure Use After Free Bind 9
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-7385 MEDIUM POC PATCH This Month

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

WordPress Information Disclosure
NVD WPScan VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-8467 CRITICAL PATCH GHSA Act Now

Unauthenticated remote code execution in phenixdigital phoenix_storybook 0.5.0 through versions before 1.1.0 allows attackers to execute arbitrary Elixir code on the server by abusing the psb-assign WebSocket event to inject HEEx template expressions. The flaw stems from attribute values being interpolated verbatim into HEEx templates that are then compiled and evaluated with full Kernel imports and no sandbox. Publicly available exploit code exists via the upstream commit and GHSA advisory, though no public exploit identified at time of analysis for in-the-wild use; CVSS 4.0 score is 9.5.

Code Injection RCE
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.3%
CVE-2026-9102 CRITICAL PATCH Act Now

Arbitrary file write in Altium Enterprise Server ComparisonService allows authenticated workspace users to escape the temporary upload directory and plant files anywhere on the host filesystem via crafted multipart Content-Disposition headers in the Gerber upload APIs. The flaw (CVSS 4.0 score 9.4, CWE-22) escalates to remote code execution by dropping payloads into web-accessible paths or overwriting service binaries, and a vendor patch is available. No public exploit identified at time of analysis.

Denial Of Service Path Traversal File Upload RCE Altium Enterprise Server
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2026-39405 CRITICAL PATCH Act Now

Path traversal in Frappe Learning Management System (LMS) versions 2.50.0 and below allows authenticated users with course-editing privileges to write arbitrary files outside the intended upload directory by uploading a maliciously crafted SCORM ZIP package. The CVSS 4.0 base score of 9.4 reflects high impact across confidentiality, integrity, and availability with scope change to subsequent systems, though exploitation requires low-privileged authentication. No public exploit identified at time of analysis.

Path Traversal Lms
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-9129 CRITICAL PATCH Act Now

Arbitrary file read in Altium Enterprise Server on-premise deployments allows any authenticated low-privilege user to escape the configured storage root via URL-encoded absolute paths in the Viewer StorageController API, exposing the master configuration containing database credentials, signing keys, certificate passwords, and OAuth secrets. The CVSS 4.0 base score of 9.4 reflects scope change to confidential information enabling full server takeover; no public exploit identified at time of analysis, but the vendor (Altium) has released a fix and cloud-hosted tenants are unaffected because they do not use the local filesystem storage component.

Path Traversal Altium Enterprise Server
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-9141 CRITICAL Act Now

Authentication bypass in Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) lets remote attackers reach the embedded web configuration interface without any login, granting full administrative read and write access over alarm routing and device settings. The CVSS 4.0 score of 9.3 reflects unauthenticated network exploitation with high impact on confidentiality, integrity, and availability, and a public technical write-up exists on Medium alongside a VulnCheck advisory, though no public exploit identified at time of analysis.

Authentication Bypass Ag1000 01A Sms Alert Gateway
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-9139 CRITICAL Act Now

Authentication bypass in the Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) allows unauthenticated remote attackers to recover hard-coded administrative credentials by viewing the page source of login.zhtml, because the validate() function performs credential checking entirely client-side. With a CVSS 4.0 base score of 9.3 (AV:N/AC:L/PR:N/UI:N) and a VulnCheck advisory plus a public Medium write-up, the flaw is trivially exploitable, though no public exploit identified at time of analysis as a packaged tool and the device is not currently listed in CISA KEV.

Authentication Bypass Ag1000 01A Sms Alert Gateway
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-33137 CRITICAL PATCH GHSA Act Now

{wikiName} REST endpoint, which was missing authorization checks. Affects all releases prior to 16.10.17, 17.4.9, 17.10.3, 18.0.1, and 18.1.0-rc-1. CVSS 4.0 base score is 9.3 (critical) with no public exploit identified at time of analysis, but the patch commit clearly exposes the trivial nature of the bypass.

Authentication Bypass Xwiki Platform
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-23734 CRITICAL PATCH GHSA Act Now

Path traversal in XWiki Platform allows unauthenticated remote attackers to read arbitrary files on the server, including sensitive configuration like WEB-INF/xwiki.cfg, by abusing the resource parameter of the ssx and jsx endpoints with leading-slash prefixes. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege exploitation with high impact to confidentiality, integrity, and availability of the vulnerable component. No public exploit identified at time of analysis, though the GitHub Security Advisory includes a working URL pattern that effectively demonstrates the issue.

Path Traversal Xwiki Commons
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-9065 CRITICAL PATCH Act Now

{id} REST endpoint. The flaw stems from a sanitization bypass in the wp-query-builder component where payloads containing a dot character skip $wpdb->prepare() escaping entirely, enabling UNION-based data exfiltration. No public exploit identified at time of analysis, though Tenable Research has published technical details (TRA-2026-43).

WordPress SQLi
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-9059 CRITICAL PATCH Act Now

Authenticated SQL injection in NextGEN Gallery (WordPress plugin by Awesome Motive/Imagely) before version 4.2.1 allows attackers holding the 'NextGEN Gallery overview' capability - granted to Administrators by default - to inject arbitrary SQL via the 'orderby' parameter on the '/imagely/v1/galleries' and '/imagely/v1/albums' REST endpoints. CVSS 4.0 rates this 9.3 due to high confidentiality, integrity, and scope impact; no public exploit identified at time of analysis, but the issue was reported by Tenable Research (TRA-2026-42) and a vendor patch is available.

SQLi Nextgen Gallery
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-8631 CRITICAL PATCH Act Now

Heap-based integer overflow in the hpcups component of HP Linux Imaging and Printing Software (HPLIP) allows attackers to achieve arbitrary code execution and/or privilege escalation by submitting crafted print data. The CVSS 4.0 base score of 9.3 reflects network-reachable exploitation against the printing subsystem with no authentication or user interaction required, though no public exploit identified at time of analysis and the issue has not been added to CISA KEV.

HP Buffer Overflow RCE Heap Overflow Linux Imaging And Printing
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-33278 CRITICAL PATCH Act Now

Use-after-free in the DNSSEC validator of NLnet Labs Unbound resolver versions 1.19.1 through 1.25.0 allows remote attackers to crash the daemon or potentially achieve arbitrary code execution by serving a malicious signed zone to a vulnerable resolver. The flaw stems from a struct-assignment bug during deep copying of response messages when DS sub-queries suspend validation under NSEC3 computational budget exhaustion. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.1 with network attack vector and no required privileges or user interaction makes this a high-priority patching target for any operator running a recursive Unbound resolver.

Memory Corruption Denial Of Service Use After Free RCE Unbound
NVD VulDB
CVSS 4.0
9.1
EPSS
0.4%
CVE-2026-47372 CRITICAL PATCH Act Now

Predictable salt generation in the Perl module Crypt::SaltedHash through version 0.09 weakens password hash storage by deriving salts from Perl's non-cryptographic rand() function. Attackers who obtain a salted hash database can predict or precompute salts, dramatically reducing the cost of offline brute-force or rainbow-table attacks against stored credentials. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.01%), but the upstream maintainer has released a fix in version 0.10 that switches to a system CSPRNG.

Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-22314 CRITICAL Act Now

Code injection in Mesalvo Meona Client Launcher Component (through 19.06.2020 15:11:49) and Meona Server Component (through 2025.04 5+323020) allows an authenticated, low-privileged attacker to execute code on other users' systems via crafted input that crosses a scope boundary, with user interaction required on the victim side. CVSS 9.0 reflects the cross-user/cross-system impact (Scope:Changed) and full CIA compromise; no public exploit identified at time of analysis. The product is a clinical/healthcare workflow platform, so successful exploitation can pivot between hospital workstations and the server tier.

Code Injection RCE Meona Client Launcher Component Meona Server Component
NVD
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-7522 HIGH This Week

Local File Inclusion in the Advanced Database Cleaner - Premium WordPress plugin (versions up to and including 4.1.0) allows Subscriber-level authenticated users to include and execute arbitrary .php files via the 'template' parameter. The flaw, reported by Wordfence, carries a CVSS score of 8.8 and can be escalated to full remote code execution when combined with a file upload primitive, while no public exploit identified at time of analysis.

LFI Information Disclosure RCE WordPress PHP
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24217 HIGH This Week

Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis.

Information Disclosure RCE Denial Of Service Nvidia Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6456 HIGH This Week

Privilege escalation in the BeycanPress Account Switcher WordPress plugin (versions up to and including 1.0.2) allows authenticated Subscriber-level users to hijack any account, including Administrator, by abusing a loose PHP comparison in the rememberLogin REST endpoint. No public exploit is identified at the time of analysis, but the issue is trivially reproducible from the disclosed root cause and the plugin source on WordPress.org is publicly indexable.

WordPress PHP Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5200 HIGH This Week

Authenticated privilege escalation in the AcyMailing WordPress plugin (versions up to and including 10.8.2) allows users with subscriber-level access or higher to modify privileged plugin configuration and export subscriber secret keys. By chaining these missing authorization flaws with knowledge of an administrator's email address, attackers can achieve full administrator account takeover. No public exploit identified at time of analysis, but Wordfence - the reporting party - typically tracks WordPress plugin abuse closely.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7467 HIGH This Week

Privilege escalation in the Read More & Accordion WordPress plugin (versions up to and including 3.5.7) allows authenticated low-privileged users granted import rights through the plugin's role settings to write arbitrary rows into the wp_users and wp_usermeta tables, effectively creating a new administrator account. The flaw stems from the RadMoreAjax::importData function failing to restrict target database tables and to validate imported data. No public exploit identified at time of analysis, though the vulnerability was disclosed by Wordfence threat intelligence researchers.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9126 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw requires user interaction (visiting a malicious page) but no authentication, and while Chromium rates its security severity as Medium, the CVSS 3.1 base score of 8.8 reflects high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Google RCE Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9118 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 148.0.7778.179 stems from a use-after-free flaw in the XR (WebXR) component, enabling a remote attacker to run arbitrary code in the renderer process by enticing a user to visit a crafted HTML page. Chromium rates the issue High severity and CVSS scores it 8.8; no public exploit identified at time of analysis and SSVC reports exploitation status as none. A vendor patch is available via the Stable Channel update referenced in the Chrome Releases advisory.

Microsoft Google RCE Denial Of Service Use After Free +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9114 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free condition in the QUIC networking stack, allowing remote attackers to execute arbitrary code within the browser sandbox via malicious network traffic. Exploitation requires user interaction (visiting a malicious site or processing attacker-controlled QUIC traffic), and no public exploit has been identified at time of analysis. Chromium rates this as High severity, and a vendor patch is available.

Google RCE Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9112 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 148.0.7778.179 stems from a use-after-free condition in the GPU component, enabling a remote attacker to run arbitrary code within the renderer sandbox after the victim loads a crafted HTML page. Google has rated the issue High severity and shipped a fix; no public exploit identified at time of analysis and SSVC indicates exploitation status 'none' despite total technical impact.

Microsoft Google RCE Denial Of Service Use After Free +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9120 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Chromium rates the severity as High and the CVSS 3.1 score is 8.8, but exploitation requires user interaction (UI:R); no public exploit identified at time of analysis.

Google RCE Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9121 HIGH PATCH This Week

Heap corruption in Google Chrome's GPU component prior to version 148.0.7778.179 allows remote attackers to exploit an out-of-bounds read via a crafted HTML page, potentially leading to arbitrary code execution or information disclosure within the renderer context. The flaw carries a CVSS 8.8 (High) rating due to network reachability and high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting a malicious page). There is no public exploit identified at time of analysis, and CISA SSVC marks exploitation status as 'none', suggesting opportunistic rather than active targeting.

Information Disclosure Google Buffer Overflow Suse Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9111 HIGH PATCH This Week

Remote code execution in Google Chrome on Linux before 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, allowing a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code in the renderer process. Chromium rates the severity as Critical and a vendor patch is available, though there is no public exploit identified at time of analysis and SSVC indicates no observed exploitation. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability with required user interaction (visiting a page).

Google RCE Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9119 HIGH PATCH This Week

Heap buffer overflow in the WebRTC component of Google Chrome before 148.0.7778.179 allows remote attackers to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw was reported by Chrome's internal security team, has a patched stable channel build available, and carries a CVSS 8.8 score with no public exploit identified at time of analysis. SSVC currently rates exploitation as 'none' but technical impact as 'total', reflecting full compromise of the affected process if triggered.

Google Buffer Overflow RCE Heap Overflow Suse +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44925 HIGH This Week

Cross-Site Request Forgery in InfoScale 9.1.3 Operations Manager (VIOM) web application allows remote attackers on the adjacent network to coerce an authenticated user with an active session into clicking a malicious link that triggers unintended state-changing actions in VIOM. No public exploit identified at time of analysis, but the CVSS 8.8 score reflects high impact on confidentiality, integrity, and availability if a privileged VIOM operator is targeted.

CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44926 HIGH This Week

Privilege escalation in Veritas InfoScale CmdServer prior to version 7.4.2 allows authenticated remote attackers to bypass access control restrictions and achieve full compromise of confidentiality, integrity, and availability on the targeted host. The flaw is tagged as an authentication bypass by intelligence sources and carries a CVSS 8.8 (High) rating; no public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass N A
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24425 HIGH PATCH GHSA This Week

Sandbox bypass in Twig template engine versions 2.16.x and 3.9.0 through 3.25.x allows attackers with template rendering capabilities to execute arbitrary PHP code when the sandbox is enabled via a SourcePolicyInterface rather than globally. The runtime check on sort, filter, map, and reduce filters fails to propagate the current template source, allowing arbitrary PHP callables to be passed and executed. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the RCE/PHP tagging and CVSS 4.0 score of 8.7 indicate high impact for applications offering user-editable templates.

PHP RCE Twig
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-9003 HIGH This Week

SQL injection in TONNET's E-LAN Hybrid Recording System allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate database contents over the network. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, and no public exploit identified at time of analysis. The flaw is reported through TWCERT and affects TONNET's TPR7308 product line per CPE data.

SQLi Tpr7308
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42959 HIGH PATCH This Week

Remote denial of service in NLnet Labs Unbound recursive DNS resolver (versions up to and including 1.25.0) allows an attacker controlling a DNSSEC-signed domain to crash the resolver process with a single crafted query. The DNSSEC validator uses an incorrect counter when computing write offsets for ADDITIONAL section rrsets while building chase-reply messages, leaving an uninitialized pointer that is later dereferenced. No public exploit identified at time of analysis, and the issue is fixed in Unbound 1.25.1.

Memory Corruption Denial Of Service Unbound
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42944 HIGH PATCH This Week

Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.

Denial Of Service Unbound
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-39310 HIGH PATCH This Week

Authentication bypass in Trilium Notes Desktop (Electron build) versions 0.102.1 and earlier allows remote unauthenticated attackers on the same network to access the Clipper API and read or manipulate notes without any credentials. The Electron runtime detection explicitly disables auth middleware on endpoints like /api/clipper/notes and the handshake endpoint, which fingerprints the application - no public exploit identified at time of analysis, but the vendor advisory GHSA-jcvx-vc83-cppw confirms the issue and the fix shipped in 0.102.2.

CSRF Authentication Bypass Trilium
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-8632 HIGH PATCH This Week

Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. The vulnerability is reported directly by HP PSIRT under advisory hpsbpi04118.

HP RCE Command Injection Linux Imaging And Printing
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-44933 HIGH PATCH This Week

Privilege escalation via chroot bypass in PluginScript allows local users to execute host binaries such as /bin/bash with root privileges when the repoManagerRoot is set to '/' (a common default or result of --root). Because chroot to the system root is a no-op, path traversal within the plugin escapes intended isolation. No public exploit identified at time of analysis, but the issue was reported by a SUSE researcher and is tracked in SUSE Bugzilla.

Information Disclosure Suse
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy