Skip to main content
CVE-2026-43499 HIGH PATCH This Week

Local privilege escalation and potential memory corruption in the Linux kernel's rtmutex (real-time mutex) subsystem stems from remove_waiter() incorrectly operating on the current task instead of waiter::task during proxy-lock rollback in futex_requeue() paths. Exploitation can leave a dangling pi_blocked_on pointer primed for a use-after-free, with CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting local low-privileged access. EPSS is 0.02% (7th percentile) and no public exploit identified at time of analysis, but the UAF primitive is a known building block for kernel privilege escalation.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46432 HIGH PATCH GHSA This Week

Arbitrary code execution in InternLM lmdeploy <= 0.12.3 occurs because trust_remote_code=True is hardcoded across HuggingFace model-loading call sites in lmdeploy/archs.py and lmdeploy/utils.py. An attacker who can influence the model_path passed to an lmdeploy serving process can point it at a malicious HuggingFace repository, causing Transformers to download and execute attacker-controlled Python code with the privileges of the serving daemon. Publicly available exploit code exists in the GHSA advisory, and an upstream fix has been merged via PR #4511 (fixed in 0.13.0).

Kubernetes Code Injection RCE Denial Of Service Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45250 HIGH This Week

The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.

Stack Overflow Buffer Overflow RCE Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43498 HIGH PATCH This Week

Local privilege-level data corruption in the Linux kernel's accel/ivpu driver (Intel VPU accelerator) allows authenticated local users to trigger incorrect device access and memory corruption by re-exporting imported GEM (Graphics Execution Manager) buffer objects via the DMA-BUF prime interface. The flaw stems from the missing validation that allowed buffer flag settings to be lost on re-export, and while CVSS rates it 7.8 High due to local high-impact effects, EPSS is only 0.02% and no public exploit identified at time of analysis.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45251 HIGH This Week

A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, the kernel must remove the blocked thread from the per-object wait queue prior to freeing the object. In the case of some file descriptor types, the kernel failed to unlink blocked threads from the object before freeing it. When the blocked thread is subsequently woken, it accesses memory that has already been freed resulting in a use-after-free vulnerability. The use-after-free vulnerability may be triggered by an unprivileged local user and can be exploited to obtain superuser privileges.

Memory Corruption Information Disclosure Use After Free Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46517 HIGH GHSA This Week

Unsafe default code execution in InternLM LMDeploy (<=0.12.3) lets a malicious Hugging Face model repository run arbitrary Python on the host whenever a user loads it through any LMDeploy CLI (serve, calibrate, gptq, awq). The library hardcodes transformers.AutoConfig.from_pretrained(..., trust_remote_code=True) in get_model_arch and related helpers with no flag, env var, or warning to opt out, overriding HF Transformers' default-secure stance. No public exploit identified at time of analysis, and exploitation requires the user to load an untrusted repo, so risk is hardening-level rather than network-reachable RCE.

Code Injection Python RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28764 HIGH This Week

Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) element parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw, disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823, requires user interaction and local file access but no privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Mediainfolib
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71216 HIGH HOSTED Monitor

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Trend Micro Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71217 HIGH HOSTED Monitor

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Trend Micro Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71214 HIGH HOSTED Monitor

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release).

Trend Micro Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45208 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One and Apex One as a Service agents allows an attacker with low-privileged code execution to win a race condition in the endpoint protection agent and elevate to higher privileges. The flaw is a time-of-check time-of-use (TOCTOU) weakness (CWE-367) in the Apex One/SEP agent on Windows endpoints, with no public exploit identified at time of analysis and not currently listed in CISA KEV. The vendor has published advisory KA-0023430 with fixed builds.

Privilege Escalation Trendai Apex One Trendai Apex One As A Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45207 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One and Apex One as a Service allows an authenticated low-privileged user to elevate to higher privileges by abusing an origin validation flaw in one of the agent's process protection communication mechanisms. No public exploit identified at time of analysis, but the vulnerability is companion to CVE-2026-45206 in a parallel code path, which suggests the underlying class of issue is actively being researched by Trend Micro's own team.

Privilege Escalation Trendai Apex One Trendai Apex One As A Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45206 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One and Apex One as a Service allows low-privileged attackers to elevate to higher privileges by abusing an origin validation weakness (CWE-346) in one of the agent's process protection communication mechanisms. The flaw is a sibling issue to CVE-2026-45207 affecting a different IPC channel and is reported by Trend Micro itself; no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Privilege Escalation Trendai Apex One Trendai Apex One As A Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34930 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One and Apex One as a Service stems from an origin validation weakness (CWE-346) in one of the agent's process protection mechanisms, allowing a low-privileged local attacker to elevate to SYSTEM-level privileges on affected installations. The flaw was reported by Trend Micro itself and is a sibling issue to CVE-2026-34927, which affects a different process protection mechanism in the same agent. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Privilege Escalation Trendai Apex One Trendai Apex One As A Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34929 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One and Apex One as a Service agents allows an attacker with low-privileged code execution to gain elevated rights by exploiting weak origin validation in an inter-process communication channel. No public exploit identified at time of analysis, but the flaw is a sibling to CVE-2026-34927 (different IPC mechanism in the same agent) which raises the likelihood of researcher and adversary interest. Vendor patches are available for both the on-prem 2019 (14.0) line and the SaaS offering.

Privilege Escalation Trendai Apex One Trendai Apex One As A Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34928 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One and Apex One as a Service security agents allows a low-privileged attacker who already has code execution on the endpoint to elevate to higher privileges by abusing a named pipe that fails to validate the origin of incoming connections. The flaw is companion to CVE-2026-34927 (a sibling issue in a different named pipe) and currently has no public exploit identified at time of analysis, but its presence in widely-deployed endpoint security software materially raises post-compromise risk.

Privilege Escalation Trendai Apex One Trendai Apex One As A Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34927 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One (on-premises 2019/14.0) and Apex One as a Service allows a low-privileged user already executing code on the host to elevate to higher privileges by abusing an origin validation weakness in the security agent. The flaw carries a CVSS 7.8 (local, low complexity) and no public exploit identified at time of analysis, but because the agent typically runs with SYSTEM-level rights, successful exploitation yields full host compromise. Trend Micro has issued patched builds (KA-0023430).

Privilege Escalation Trendai Apex One Trendai Apex One As A Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71213 HIGH PATCH This Week

Local privilege escalation in Trend Micro Apex One and Apex One as a Service stems from an origin validation error (CWE-346) that lets an authenticated low-privileged attacker elevate to higher privileges on the host. Trend Micro has released fixed builds and ZDI has published an advisory (ZDI-26-140); no public exploit identified at time of analysis, though vendor-reported vulnerabilities in endpoint security agents are frequent targets for post-compromise attackers.

Trend Micro Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71212 HIGH PATCH This Week

Local privilege escalation in the Trend Micro Apex One scan engine allows low-privileged users on Windows endpoints to gain elevated privileges by abusing a link-following weakness (CWE-59) in the scanner's file-handling logic. The flaw affects on-premise Apex One 2019 builds prior to 14.0.0.14136 and the SaaS edition prior to 14.0.20315, with a patch available from Trend Micro; no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Trend Micro Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46634 HIGH PATCH GHSA This Week

Sandbox escape in Twig 3.9.0-3.25.x allows any attacker with template authoring access to fully bypass `SourcePolicyInterface`-driven security policies, enabling OS command execution via `|map("system")` and secret disclosure via `constant()`. The bypass occurs because `Environment::createTemplate()` compiles inline strings under a synthesized name (`__string_template__<hash>`) that name/path-based `SourcePolicy` implementations do not recognize, causing `checkSecurity()` to silently become a no-op on the inner template. No public exploit has been identified at time of analysis, though the vendor advisory provides sufficient technical detail for reproduction, and the RCE tag confirms the potential impact is critical for affected configurations.

RCE
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-44068 HIGH PATCH This Week

Path traversal via extended attribute (ea) handling in Netatalk 2.1.0 through 4.4.2 allows authenticated remote attackers to access or modify files outside intended directories on AFP file shares. The flaw stems from incomplete input sanitization on the ea code path and is resolved in 4.4.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Suse
NVD VulDB
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-46701 HIGH POC PATCH GHSA This Week

Unauthenticated cross-origin MCP tool invocation in Network-AI v5.4.4 allows a remote attacker to lure a victim to a malicious web page that silently invokes any of the 22 exposed MCP tools (including config_set, agent_spawn, blackboard_write, and token_create/revoke) against the victim's locally running MCP SSE server. The vulnerability stems from an empty default secret combined with a wildcard CORS policy, and publicly available exploit code exists in the GHSA advisory demonstrating end-to-end exploitation. No CISA KEV listing yet and EPSS data was not provided, but the published PoC and trivial attack mechanics make this a meaningful risk for any user running the default Docker deployment.

Python RCE Docker
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-44055 HIGH PATCH This Week

Shell injection in Netatalk 3.1.4 through 4.4.2 allows authenticated remote attackers to execute arbitrary OS commands through a bitwise-OR logic flaw, achieving full confidentiality, integrity, and availability impact (CVSS 7.5). Netatalk is the open-source AFP (Apple Filing Protocol) server commonly deployed on Linux/BSD NAS appliances to share files with macOS clients. The flaw was fixed in version 4.4.3; no public exploit identified at time of analysis and the issue is not currently in CISA KEV.

Command Injection Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-44062 HIGH PATCH This Week

Out-of-bounds write in Netatalk versions 2.0.4 through 4.4.2 stems from a missing o_len bounds check in the pull_charset_flags() character-set conversion routine, enabling remote attackers with low privileges to corrupt memory and potentially compromise confidentiality, integrity, and availability of the AFP file server. The flaw is addressed in Netatalk 4.4.3, and no public exploit has been identified at time of analysis.

Memory Corruption Buffer Overflow Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-44049 HIGH PATCH This Week

Out-of-bounds write in Netatalk versions 2.0.4 through 4.4.2 affects the convert_charset() routine during null termination handling, exposing the AppleTalk/AFP server implementation to memory corruption. Authenticated remote attackers can trigger heap or stack corruption that threatens confidentiality, integrity, and availability of the host. No public exploit identified at time of analysis, and the vendor has shipped a corrective release in 4.4.3.

Memory Corruption Buffer Overflow Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-8426 HIGH PATCH GHSA This Week

Remote code execution in Concrete CMS 9.5.0 and earlier is achievable through a CSRF flaw in the /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID> endpoint, which fails to validate anti-CSRF tokens. An attacker who controls a marketplace package matching an item ID already installed on the victim site can overwrite package PHP files and trigger the upgrade() method via a single navigation by a privileged admin, resulting in code execution as the web server user. No public exploit identified at time of analysis, though the vendor (Concrete CMS security team) has acknowledged and rated the issue at CVSS 4.0 7.5.

PHP CSRF RCE
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-8421 HIGH PATCH GHSA This Week

Cross-site request forgery in Concrete CMS 9.5.0 and earlier allows remote attackers to coerce an authenticated administrator with canInstallPackages permission into installing an attacker-controlled package, resulting in remote code execution as the web server user. The flaw resides in the install_package() method of the dashboard's extend/install.php controller, which lacks CSRF token validation. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP CSRF RCE
NVD
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-44060 HIGH PATCH This Week

Denial of service in Netatalk versions 1.5.0 through 4.4.2 allows remote unauthenticated attackers to crash the AFP (Apple Filing Protocol) service by exploiting an integer underflow in the dsi_writeinit() function. The flaw is network-reachable with low complexity (CVSS 7.5, AV:N/AC:L/PR:N) and no public exploit identified at time of analysis, though the trivial trigger conditions make exploitation straightforward once a proof-of-concept emerges. Netatalk has resolved the issue in version 4.4.3.

Denial Of Service Integer Overflow Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46679 HIGH PATCH GHSA This Week

Remote denial-of-service in @libp2p/gossipsub (versions <= 15.0.22) allows a single unauthenticated peer to exhaust the Node.js heap of any gossipsub node running default options. Three cooperating defects - an uncapped decode limit (maxSubscriptions = Infinity), unbounded growth of the internal this.topics Map on subscription handling, and a memory leak that leaves empty Sets behind on peer disconnect - combine to produce ~22x amplification, crashing a 1.5GB-heap process after roughly 68MB of attacker bandwidth (~5 seconds at 100Mbps). A working PoC is published in the GitHub Security Advisory GHSA-4f8r-922h-2vgv; no public exploit identified at time of analysis as a separate weaponized tool, but the advisory itself contains reproducible test code.

Node.js Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46673 HIGH PATCH GHSA This Week

Denial-of-service via unchecked memory allocation in russh (Rust SSH library) versions <= 0.60.2 allows local SSH agent peers to trigger uncontrolled buffer growth by sending oversized frame length values, and in pre-0.58.0 releases the same CryptoVec allocation path was reachable from remote SSH transport and zlib decompression buffers. The flaw stems from CryptoVec performing unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking calls including NonNull::new_unchecked on potentially failed allocations, which can abort the process under memory pressure. Publicly available exploit code exists in the form of researcher-supplied PoC tests demonstrating both rejection on patched code and crash behavior on historical versions; no public exploit identified at time of analysis for active campaigns and the issue is not listed in CISA KEV.

SSH Denial Of Service RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46545 HIGH PATCH GHSA This Week

Remote unauthenticated denial-of-service in the Nimiq core-rs-albatross client (nimiq-primitives crate prior to 1.5.0) lets any state-sync peer crash a syncing node by sending a ResponseChunk whose first TrieItem.key is the empty ROOT key, triggering a panic in MerkleRadixTrie::put_chunk → put_raw. No public exploit identified at time of analysis, but the issue is trivially triggerable with a single malformed chunk and affects all nodes performing initial sync or recovery against untrusted peers. EPSS data was not provided; CVSS A:H impact and zero attacker prerequisites make this a high-priority availability bug for Nimiq node operators.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8350 HIGH PATCH GHSA This Week

Privilege escalation in Concrete CMS 9.5.0 and earlier allows authenticated users with access to the bulk user assignment dashboard to add arbitrary accounts to the Administrators group and remove existing admins, effectively hijacking site control. The flaw stems from missing authorization checks in bulk_user_assignment.php and was disclosed with a vendor-assigned CVSS v4.0 score of 7.5. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.

PHP Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-44052 HIGH PATCH This Week

Information disclosure in Netatalk 2.1.0 through 4.4.2 exposes LDAP simple-bind passwords in log files, allowing any actor with read access to the affected logs to recover plaintext directory service credentials. The flaw is fixed in version 4.4.3, and no public exploit identified at time of analysis, though the CVSS 7.5 score reflects the high confidentiality impact of leaked bind credentials.

Information Disclosure Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46625 HIGH PATCH GHSA This Week

Cookie-attribute injection in js-cookie versions 3.0.5 and earlier allows remote attackers to override security-relevant Set-Cookie attributes (domain, secure, samesite, expires, path) by supplying a JSON-derived attributes object containing a __proto__ key. Publicly available exploit code exists in the GHSA-qjx8-664m-686j advisory demonstrating per-instance prototype hijack via the assign() helper. No active exploitation has been observed, and the issue is fixed in 3.0.7.

Ubuntu Node.js Prototype Pollution Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45255 HIGH This Week

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell. As a result, a suitably crafted network name can be used to execute commands via a subshell. The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig. The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan. Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network.

Command Injection Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46643 HIGH PATCH GHSA This Week

Command injection in KnpLabs Snappy PHP library (versions <= 1.7.0) allows attackers to execute arbitrary OS commands when the wkhtmltopdf/wkhtmltoimage binary path is attacker-influenced. An inverted is_executable() check around escapeshellarg() renders the safe branch dead code, causing the binary path to be concatenated unescaped into the shell command. Publicly available exploit code exists (vendor-published PoC in the advisory), but no public exploit identified at time of analysis in CISA KEV.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-42001 HIGH PATCH This Week

Remote denial of service in PowerDNS Authoritative Server arises from insufficient validation of SOA queries received via the Autoprimary (formerly 'supermaster') replication mechanism, allowing unauthenticated network-based attackers to disrupt service availability. The flaw carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with availability-only impact, and no public exploit identified at time of analysis. The OX-reported issue is documented in PowerDNS Security Advisory 2026-06.

Denial Of Service Authoritative
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8428 HIGH PATCH GHSA This Week

Cross-site request forgery in Concrete CMS 9.5.0 and earlier allows remote attackers to coerce an authenticated administrator's browser into triggering a core CMS upgrade to an attacker-chosen version. The dashboard's do_update() controller emits a CSRF token in the rendered POST form but never calls $this->token->validate('do_update'), leaving the update workflow effectively unauthenticated against forged cross-origin requests. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP CSRF
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-8140 HIGH PATCH GHSA This Week

Cross-site request forgery in Concrete CMS 9.5.0 and earlier allows remote attackers to coerce authenticated administrators into downloading arbitrary marketplace packages to the server's DIR_PACKAGES directory by luring them to a crafted page that triggers the unprotected /dashboard/extend/install/download/<remoteId> GET endpoint. The vendor assigned CVSS 4.0 of 7.5 reflecting high impact on confidentiality, integrity, and availability, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

PHP CSRF
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-8417 HIGH PATCH GHSA This Week

Cross-site request forgery in Concrete CMS 9.5.0 and earlier allows remote attackers to coerce an authenticated administrator into triggering arbitrary package upgrades by luring them to a malicious page that issues a single GET to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() handler only checks the canInstallPackages() permission and omits CSRF token validation on this state-changing route, so a cross-site navigation is sufficient to invoke upgradeCoreData() and the package controller's upgrade() routine. No public exploit identified at time of analysis and no CISA KEV listing; EPSS not provided.

PHP CSRF
NVD VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-46473 HIGH PATCH This Week

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

Information Disclosure Authen
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13479 HIGH This Week

Unauthorized data disclosure in PosCube QR Menu (all versions through 21052026) allows remote attackers to access other users' restaurant menu data by manipulating user-controlled identifiers in requests. The flaw is an Insecure Direct Object Reference (IDOR) reachable over the network without authentication, and no public exploit identified at time of analysis. Reported by Turkey's national CERT (TR-CERT), with the vendor unresponsive to disclosure outreach.

Authentication Bypass Qr Menu
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44053 HIGH PATCH This Week

Weak cryptography in the dhcast128 user authentication module (UAM) of Netatalk versions 1.5.0 through 4.2.2 allows remote attackers to compromise confidentiality and integrity of AFP authentication exchanges. The flaw was reported by Securin and tagged as an information disclosure issue; no public exploit identified at time of analysis. The CVSS 7.4 score with High attack complexity reflects that exploitation requires conditions beyond a simple network request, yet the impact on credential material and session integrity is significant.

Information Disclosure Suse
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-8203 HIGH PATCH GHSA This Week

Stored cross-site scripting in Concrete CMS 9.5.0 and earlier allows authenticated editors to inject persistent JavaScript via the unvalidated 'height' parameter, executing in any subsequent visitor's browser. The CVSS 4.0 score of 7.3 reflects high privilege requirements (editor role) combined with high impact, and no public exploit identified at time of analysis.

XSS Concrete Cms
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-8197 HIGH PATCH GHSA This Week

Stored cross-site scripting in Concrete CMS 9.5.0 and earlier allows a high-privileged admin to inject arbitrary HTML/JavaScript into the OAuth authorize template via the integration name field. The flaw arises because the integration name is wrapped in <strong> tags by PHP string interpolation before being passed to the t() translation helper, causing the resulting raw HTML to be rendered when end users view the OAuth consent screen. No public exploit identified at time of analysis, but a rogue or compromised admin could potentially harvest OAuth login submissions from victims.

PHP XSS
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-46680 HIGH PATCH GHSA This Week

runAsNonRoot bypass in containerd allows crafted container images to execute as UID 0 despite Kubernetes security policies designed to prevent root execution. The flaw stems from containerd treating numeric USER directives that overflow a 32-bit integer as usernames, and if the image's /etc/passwd maps that string to root, the container runs as root. No public exploit identified at time of analysis, but the issue was responsibly disclosed by Lei Wang (@ssst0n3) and fixed in multiple containerd release branches.

Memory Corruption Kubernetes Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-43497 HIGH PATCH This Week

Use-after-free in the Linux kernel's udlfb (DisplayLink USB framebuffer) driver allows a local user with access to the framebuffer device to retain read/write access to freed kernel memory pages after a USB disconnect or framebuffer reallocation. The dlfb_ops_mmap() function maps vmalloc-backed framebuffer pages to userspace without installing vm_ops callbacks, so the kernel cannot track active mappings and vfree() is called on pages still referenced by user PTEs. No public exploit identified at time of analysis, EPSS is very low (0.02%), and the issue is not listed in CISA KEV.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-44058 HIGH PATCH This Week

Authentication bypass in Netatalk 2.2.2 through 4.4.2 allows attackers with high-privileged admin auth user credentials to circumvent authentication controls in this open-source AFP (Apple Filing Protocol) server implementation. The flaw, tracked as EUVD-2026-31234 and tagged as an Authentication Bypass weakness, carries a CVSS 7.2 (High) score and is fixed in version 4.5.0; no public exploit identified at time of analysis.

Authentication Bypass Suse
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-46492 HIGH PATCH GHSA This Week

Stored/reflected cross-site scripting in the md-fileserver npm package (versions prior to 1.10.3) allows remote unauthenticated attackers to execute arbitrary JavaScript in a viewer's browser by uploading or supplying Markdown files containing raw HTML or script tags. The vulnerability stems from markdown-it being configured with html:true and rendered output being injected into the template without sanitization or output encoding. No public exploit identified at time of analysis beyond the vendor-provided PoC, and the issue is not currently listed in CISA KEV.

Information Disclosure CSRF XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-44066 HIGH PATCH This Week

Heap out-of-bounds read in Netatalk 3.1.0 through 4.4.2 allows authenticated remote attackers to disclose sensitive memory contents and potentially crash the daemon by sending malformed Spotlight RPC requests. The flaw stems from improper bounds checking during Spotlight RPC unmarshalling and is fixed in version 4.4.3. No public exploit identified at time of analysis, and there is no evidence of active exploitation in CISA KEV.

Information Disclosure Buffer Overflow Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy