Skip to main content
CVE-2026-8856 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows local attackers with write access to server configuration files to crash or render the web server unavailable. The CVSS vector (AV:L/PR:N) indicates a local attack vector with high integrity and availability impact, and no public exploit has been identified at time of analysis. EPSS exploitation probability is very low at 0.03% (9th percentile), and SSVC scores exploitation as 'none' with partial technical impact, suggesting limited real-world urgency.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-45082 HIGH PATCH This Week

Server-side request forgery in Karakeep self-hosted bookmark manager versions prior to 0.32.0 allows authenticated users to bypass internal-network protections by chaining attacker-controlled HTTP redirects, reaching Docker-internal services from the crawler and video download flows. Publicly available exploit code exists per SSVC, though EPSS is low at 0.03% and the issue is not in CISA KEV. Fixed in version 0.32.0.

Docker SSRF Karakeep
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39661 HIGH This Week

Local File Inclusion in Magentech SW Core WordPress plugin (versions through 1.7.18) allows authenticated remote attackers to coerce the application into including arbitrary PHP files via improperly validated filename input. Successful exploitation results in disclosure of sensitive server-side files and potential code execution under the web server context. No public exploit has been identified at time of analysis, and EPSS exploitation probability is low at 0.11%.

PHP Information Disclosure LFI Sw Core
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-48133 HIGH This Week

Unauthenticated information disclosure in Check Point Quantum Security Gateway allows remote attackers to read internal files on the appliance when the Identity Awareness blade is configured with Browser-Based Authentication. The flaw maps to CWE-98 (PHP file inclusion) and carries a CVSS 7.5 with confidentiality-only impact; EPSS is low (0.10%) and there is no public exploit identified at time of analysis, but the unauthenticated network reach against a perimeter gateway makes triage urgent for affected deployments.

PHP Information Disclosure LFI Quantum Security Gateway
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44847 HIGH PATCH This Week

Authentication bypass in MaxKB (1Panel-dev) versions prior to 2.9.0 allows remote unauthenticated attackers to invoke webhook trigger endpoints and execute their bound tasks. The flaw stems from the WebhookAuth class unconditionally returning a successful authentication tuple, which Django REST Framework interprets as a valid identity, combined with no backend enforcement of per-trigger token requirements. No public exploit identified at time of analysis, but the trivial nature of the bypass and open-source visibility of the patch make exploitation straightforward for any attacker who can enumerate or guess trigger IDs.

Python Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8620 HIGH PATCH This Week

HTTP request smuggling in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 allows remote unauthenticated attackers to send specially crafted requests that desynchronize front-end and back-end HTTP parsing. Successful exploitation enables cache poisoning, security control bypass, and limited disclosure or modification of data passing through the plug-in, with a CVSS 7.5 reflecting a Changed scope and high confidentiality impact. There is no public exploit identified at time of analysis, EPSS is low at 0.05% (15th percentile), and CISA SSVC marks exploitation status as none.

Information Disclosure IBM Request Smuggling Web Server Plug Ins For Websphere Application Server And Websphere Liberty
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43988 HIGH PATCH This Week

Remote denial of service in Vanetza 26.02 and earlier lets unauthenticated attackers crash the C-ITS protocol stack by sending malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or malformed certificate encodings. The ASN.1 wrapper (asn1c_wrapper.cpp) raises a std::runtime_error that is never caught at the parsing boundary, so it propagates to std::terminate and kills the process. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV; EPSS data was not provided.

Information Disclosure Vanetza
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48688 HIGH This Week

Out-of-bounds read in FastNetMon Community Edition through 1.2.9 allows remote unauthenticated attackers to leak adjacent process memory by sending crafted BGP UPDATE messages containing malformed MP_REACH_NLRI IPv6 attributes. The flaw resides in decode_mp_reach_ipv6() where attacker-controlled length fields drive memcpy operations without bounds validation, and is acknowledged by an in-source TODO comment by the maintainer. No public exploit identified at time of analysis, EPSS is low (0.03%), and CISA SSVC classifies exploitation as 'none' but 'automatable: yes', meaning weaponization is technically straightforward if a threat actor invests effort.

Information Disclosure Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44905 HIGH This Week

Denial of service in Vanetza (riebl) versions 26.02 and earlier lets remote unauthenticated attackers crash the V2X message-processing daemon by sending a crafted Secured Message whose signing certificate carries an out-of-range or invalid-CHOICE Psid value. The malformed certificate passes the permissive ASN.1 decode step but trips a semantic constraint check during OER re-encoding inside the signature-verification path, raising an exception that is never caught and forcing std::terminate. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the network-reachable, no-authentication, low-complexity profile (CVSS 7.5) makes it a credible availability risk for any node that verifies untrusted V2X traffic.

Information Disclosure Vanetza
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48901 HIGH This Week

Information disclosure in Joomla! CMS arises because InputFilter::getInstance() builds its instance cache key without including a security-sensitive parameter, allowing a previously cached filter instance to be returned even when a different security posture was requested. Remote unauthenticated attackers can leverage the resulting filter mismatch to retrieve sensitive data (CVSS 7.5, C:H only). No public exploit identified at time of analysis and EPSS is 0.02% (5th percentile), indicating low predicted exploitation in the near term.

Information Disclosure Joomla Cms
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42497 HIGH PATCH This Week

Arbitrary file modification in the Perl Archive::Tar module before version 3.08 allows a malicious tar archive to create hardlinks pointing outside the extraction directory. Any application or service that extracts attacker-supplied tarballs is affected: because extraction chmods the shared inode of a hardlink, an attacker can alter permissions of sensitive files outside the intended target path. EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis; it is not listed in CISA KEV.

Buffer Overflow Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9538 HIGH PATCH This Week

Memory exhaustion in the Perl Archive::Tar module before version 3.10 lets remote attackers cause a denial of service by supplying a crafted tar archive whose per-entry header declares an arbitrarily large size, which the module trusts and uses to drive allocation before reading. The flaw is unauthenticated and network-reachable (CVSS 7.5, A:H only - no confidentiality or integrity impact) but affects only applications that parse untrusted tarballs with this module. There is no public exploit identified at time of analysis and EPSS is very low (0.02%, 4th percentile); the vendor shipped a fix in 3.10.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8850 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash the web server when the optional mod_ibm_upload module is loaded, triggering a null pointer dereference (CWE-476). No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (4th percentile), though SSVC flags the issue as automatable with partial technical impact. Affected deployments include HTTP Server 8.5 up to Interim Fix 002 and HTTP Server 9.0, with a vendor patch available via IBM support note 7274065.

Denial Of Service Null Pointer Dereference IBM Http Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8854 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash or degrade the service when the optional mod_mem_cache module is loaded. The flaw carries a CVSS 7.5 (availability-only impact) and has no public exploit identified at time of analysis, though the SSVC framework rates exploitation as automatable. EPSS probability is very low (0.01%, 3rd percentile), suggesting limited near-term exploitation interest.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24212 HIGH This Week

Cleartext transmission of sensitive information in NVIDIA Isaac Launchable for Linux (all versions prior to 1.2) exposes credentials or other sensitive data to attackers on the same adjacent network, potentially enabling downstream code execution, privilege escalation, information disclosure, and data tampering. The flaw carries a CVSS 7.5 (High) rating, but exploitation requires adjacent-network access and high attack complexity, and there is no public exploit identified at time of analysis. EPSS is 0.00% and the issue is not on the CISA KEV list.

Information Disclosure Nvidia RCE Isaac Launchable
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40383 HIGH This Week

Local file inclusion in Joomla! CMS versions 3.2.1 through 5.4.5 and 6.0.0 through 6.1.0 allows authenticated high-privilege attackers to read arbitrary server files via improper validation of the layout parameter in htmlview. The flaw is reported by the Joomla project itself (EUVD-2026-31888) and no public exploit identified at time of analysis, with EPSS scoring 0.00% and CISA SSVC marking exploitation status as none despite total technical impact.

Path Traversal Joomla Cms
NVD VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-48048 HIGH PATCH GHSA This Week

Information disclosure in XWiki Platform's LiveTableResults macro allows unauthenticated remote attackers to reconstruct user password hashes and salts one bit at a time by sending approximately 768 crafted requests with manipulated class-per-property parameters. This is a bypass of the prior fix for GHSA-5cf8-vrr8-8hjm, which failed to account for an alternate parameter path. No public exploit is identified at time of analysis, but the technique is fully described in the vendor advisory.

Information Disclosure Atlassian
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48697 HIGH This Week

Man-in-the-middle interception of telemetry traffic affects FastNetMon Community Edition through version 1.2.9 due to missing TLS certificate validation in outbound HTTPS connections. Network-positioned attackers can intercept, modify, or redirect telemetry data sent to community-stats.fastnetmon.com - including system fingerprints, kernel version, traffic statistics, and configuration details - and potentially serve malicious responses. EPSS is very low (0.01%), and there is no public exploit identified at time of analysis, though a technical write-up by Lorikeet Security details the root cause.

OpenSSL Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-8835 HIGH PATCH This Week

Invalid pointer dereference in IBM HTTP Server 8.5 and 9.0 allows an authenticated privileged user on the Administration Server to expose sensitive information or trigger a denial-of-service condition. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis. EPSS exploitation probability is negligible (0.01%) and CISA SSVC indicates no observed exploitation.

Denial Of Service IBM Http Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-8046 HIGH PATCH This Week

Privilege escalation through unauthorized account deletion in CODESYS Control runtime products (versions below 3.5.22.20 / 4.21.0.0) allows authenticated low-privileged remote users to delete other accounts, including administrators. Reported by CERT@VDE under advisory VDE-2026-056, with no public exploit identified at time of analysis and a low EPSS score of 0.10% (26th percentile), suggesting limited near-term exploitation likelihood despite the vendor-confirmed authorization flaw.

Authentication Bypass Codesys Control Rte Sl Codesys Control Rte For Beckhoff Cx Sl Codesys Control Win Sl Codesys Hmi Sl +12
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-44730 HIGH PATCH GHSA This Week

Privilege escalation in OpenCTI prior to 6.9.7 allows an organization admin to gain elevated platform-wide privileges by adding a higher-privileged user from a different organization into their own organization, exploiting incorrect ACL enforcement on the userEdit relationAdd GraphQL mutation. The flaw yields full platform access and exposure of sensitive intelligence data; no public exploit identified at time of analysis and EPSS is very low (0.04%, 11th percentile), but the vendor-confirmed GHSA advisory and trivial attack complexity make this a meaningful tenancy-isolation issue for multi-organization deployments.

Authentication Bypass Opencti
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-4051 HIGH PATCH This Week

Remote code execution in IBM Engineering Lifecycle Management (ELM) versions 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 allows an attacker with administrative privileges to execute arbitrary code via an exposed method that is not properly restricted (CWE-749). At time of analysis there is no public exploit identified and EPSS is very low (0.01%), but the SSVC technical impact is rated total, making this a high-impact post-authentication issue against ELM administrators. IBM has published a patch advisory and CVSS is 7.2 (AV:N/AC:L/PR:H/UI:N/C:H/I:H/A:H).

Information Disclosure IBM Engineering Lifecycle Management
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-42012 HIGH PATCH This Week

Improper certificate validation in GnuTLS (CWE-295) lets a remote attacker defeat TLS hostname verification by presenting a certificate that carries URI or SRV Subject Alternative Names, causing GnuTLS to incorrectly fall back to matching the connection's DNS hostname against the certificate's Common Name (CN) and enabling service spoofing or man-in-the-middle interception of sensitive data. The flaw was reported by Red Hat against GnuTLS as shipped in Red Hat Enterprise Linux 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images, and carries a CVSS 3.1 base score of 7.1 driven by high integrity impact. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV; exploitation requires the victim to initiate a connection to attacker-controlled infrastructure (UI:R).

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-41401 HIGH PATCH This Week

Heap use-after-free write in libyang before 5.2.6 enables remote authenticated attackers to crash processes or potentially execute code by submitting crafted YANG XML documents to applications using the library for parsing. The flaw resides in lyd_parser_set_data_flags, which mishandles metadata list pointers when freeing non-head default metadata entries. No public exploit identified at time of analysis, EPSS is low at 0.03%, and SSVC rates technical impact as partial with no automatable exploitation.

Use After Free Memory Corruption RCE Libyang
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-3603 HIGH PATCH This Week

XML External Entity (XXE) injection in IBM Engineering Lifecycle Management (ELM) 7.0.3, 7.1.0, and 7.2.0 allows authenticated attackers to disclose sensitive information or exhaust memory resources by submitting crafted XML data to the application. The flaw carries a CVSS 7.1 (High) rating with low attack complexity over the network, but EPSS is only 0.02% (5th percentile) and there is no public exploit identified at time of analysis. SSVC classifies exploitation as 'none' with partial technical impact, indicating low immediate urgency despite the vendor-released patch.

XXE IBM Engineering Lifecycle Management
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24196 HIGH PATCH This Week

Out-of-bounds read in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest drivers) allows a locally authenticated user to trigger denial of service and information disclosure. The flaw carries a CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L), and per CISA SSVC there is no public exploit identified at time of analysis (Exploitation: none), with EPSS at 0.01% indicating negligible near-term exploitation likelihood. NVIDIA has published fixed driver versions across all affected branches in advisory ID 5821.

Denial Of Service Information Disclosure Nvidia Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-48690 HIGH This Week

Heap corruption in FastNetMon Community Edition through 1.2.9 allows authenticated local users to trigger an integer overflow in the packet capture buffer allocation routine, resulting in undersized allocations followed by out-of-bounds heap writes during packet storage. The flaw stems from 32-bit unsigned arithmetic in allocate_buffer() in src/packet_storage.hpp, where a sufficiently large ban_details_records_count configuration value causes the memory size calculation to wrap. No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Heap Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-14361 HIGH This Week

Missing authorization in the AA-Team Woocommerce Envato Affiliates WordPress plugin (versions up to and including 1.2.1) lets a low-privileged authenticated user invoke functionality that is not properly gated by access-control checks, most likely modifying plugin settings as indicated by the Patchstack advisory slug. Because the action carries a high integrity impact, an attacker holding even a basic account can tamper with configuration that should be reserved for administrators. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-8606 HIGH This Week

Server-Side Request Forgery in GitHub Enterprise Server lets an attacker coerce the appliance into issuing HTTP requests to internal services through the security advisories package-lookup feature, then use response-timing differences as an oracle to infer sensitive environment variables such as signing secrets and private keys. All versions prior to 3.21.1 are affected, and exploitation is unauthenticated on instances not running in private mode (GitHub Packages must be enabled), or available to any authenticated user otherwise. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 7.0.

SSRF Enterprise Server
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-42462 HIGH PATCH GHSA This Week

Linked Data Signature forgery in Fedify (the @fedify/fedify ActivityPub server framework) before 2.2.3 lets remote unauthenticated attackers reshape a third-party-signed activity so it is interpreted differently while its signature still verifies. Because the signature covers the canonical RDF graph rather than the JSON-LD serialization, an attacker who has received a signed activity can use JSON-LD keywords (@graph, @reverse, @included) or context-alias tricks to promote, hide, or rewrite fields and have the forged result accepted as authentic. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the GitHub Security Advisory documents the exact restructuring techniques in detail.

RCE Canonical
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24200 HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +2
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-46284 HIGH PATCH This Week

Local privilege escalation in Apple macOS allows a malicious or compromised application to win a race condition (CWE-362) and elevate from a normal user context to root. The flaw affects macOS releases prior to Sequoia 15.7 and Tahoe 26, was reported by Apple itself, and is resolved by additional validation in the patched builds. No public exploit has been identified at time of analysis, and the CVSS 7.0 rating reflects high attack complexity tied to reliably hitting the timing window.

Race Condition Apple Information Disclosure
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44775 MEDIUM PATCH This Month

Unauthenticated content enumeration in Kavita reading server (all versions prior to 0.9.0) exposes every page image across all server libraries to remote attackers without any credentials. The ReaderController.GetImage endpoint is decorated with ASP.NET's [AllowAnonymous] attribute, and while it accepts an apiKey parameter as a nominal access control, that parameter is never validated server-side - rendering it entirely decorative. Sequential integer entity IDs allow trivial full-library enumeration with nothing more than an HTTP client. No public exploit or CISA KEV listing exists at time of analysis, but the zero-friction exploitation path makes any publicly exposed instance a meaningful data-exposure risk.

Authentication Bypass Kavita
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-9521 LOW POC PATCH Monitor

Improper type validation in fraillt bitsery's smart pointer deserialization extension exposes applications that process attacker-controlled serialized data to partial confidentiality, integrity, and availability compromise. The vulnerable function loadFromSharedState in include/bitsery/ext/std_smart_ptr.h fails to validate polymorphic type identity before performing reinterpret_cast operations, allowing a remote unauthenticated attacker to supply crafted serialized input that triggers unsafe memory access. A publicly available proof-of-concept exploit exists (GitHub gist), though EPSS remains very low at 0.07% (21st percentile) and this CVE is not listed in CISA KEV, suggesting no observed widespread exploitation at time of analysis.

Information Disclosure Bitsery
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-25901 MEDIUM This Month

Cross-site scripting in Joomla! CMS's multilingual associations component (com_associations) allows an authenticated high-privilege attacker to inject malicious scripts that execute in another user's browser session, yielding high confidentiality impact on the vulnerable system. Affected installations span Joomla! CMS 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0. SSVC assessment lists exploitation as none, EPSS is 0.04% (13th percentile), and no public exploit code or CISA KEV listing exists, indicating this is a low-urgency but genuine privilege-escalation-adjacent risk in multi-administrator Joomla environments.

XSS Joomla Cms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-25900 MEDIUM This Month

Stored cross-site scripting in Joomla! CMS feed modules allows a high-privileged authenticated attacker to inject unsanitized content that executes in the browser context of a victim user who passively views the affected feed output. Affecting the broad version spans of 3.0.0 through 5.4.5 and 6.0.0 through 6.1.0, the root cause is a failure to apply output escaping before rendering feed module data. No public exploit has been identified at time of analysis, and SSVC confirms no current active exploitation.

XSS Joomla Cms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-30895 MEDIUM This Month

Reflected or stored cross-site scripting in Joomla! CMS com_content component allows a high-privileged attacker to inject unescaped output into readmore links, executing arbitrary JavaScript in a victim's browser upon interaction. Affected releases span Joomla! CMS 4.0.0-5.4.5 and 6.0.0-6.1.0. No public exploit code has been identified and CISA KEV does not list this vulnerability, but a vendor security advisory has been published at the Joomla Security Centre.

XSS Joomla Cms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-30894 MEDIUM This Month

Cross-site scripting in Joomla! CMS content history component (com_contenthistory) allows a high-privileged attacker to inject persistent malicious scripts due to missing output escaping, leading to confidentiality compromise of the vulnerable system when a victim views affected history entries. Confirmed affected versions span Joomla! CMS 3.0.0-5.4.5 and 6.0.0-6.1.0 across an exceptionally wide installed base. No public exploit code exists and the vulnerability is not in the CISA KEV catalog; EPSS of 0.04% (13th percentile) confirms no observed widespread exploitation at time of analysis.

XSS Joomla Cms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41207 MEDIUM PATCH GHSA This Month

Silent cryptographic key failure in Netty's OHTTP codec exposes HPKE response encryption to full key prediction. When HKDF_expand or EVP_HPKE_CTX_export fails internally, the library returns a zero-filled byte array rather than propagating the error, and that all-zero material is consumed directly by OHttpCrypto.createResponseAEAD() without any validation. Any OHTTP response encrypted under a failure-induced all-zero AEAD key is fully decryptable by any attacker who knows this behavior exists - the key is deterministic and universal. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35221 MEDIUM This Month

Blind SQL injection in the com_finder (Smart Search) component of Joomla! CMS allows authenticated high-privilege users to extract confidential data from the underlying database across versions 5.4.0-5.4.5 and 6.0.0-6.1.0. The vulnerability stems from improperly constructed SQL filter clauses in search queries that permit attacker-controlled input to alter query logic. No public exploit has been identified at time of analysis, CISA has not added this to the KEV catalog, and EPSS probability sits at 0.03%, signaling minimal observed exploitation pressure.

SQLi Joomla Cms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-45413 MEDIUM PATCH This Month

MaxKB, an open-source enterprise AI assistant by 1Panel-dev, stores user passwords as unsalted MD5 hashes, exposing all user credentials to trivial offline cracking upon any database compromise. All versions prior to 2.9.1 are affected (CPE: cpe:2.3:a:1panel-dev:maxkb). The CVSS 4.0 vector (AV:L/VC:H) confirms that while local or database-level access is a prerequisite, once hashes are obtained, full credential recovery is practically guaranteed using rainbow tables or GPU-accelerated tools such as hashcat - no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Maxkb
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-48903 MEDIUM This Month

Cross-site scripting in the Joomla! Framework Filter package exposes applications to script injection through inadequately sanitized HTML attribute values in the checkAttribute methods. Authenticated users holding high-level privileges can inject malicious content that executes in the browser of any user who subsequently views the affected page. No public exploit has been identified at time of analysis, and an EPSS score of 0.01% at the 0th percentile confirms minimal current exploitation interest across the security community.

XSS Joomla Framework Filter Package
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-48905 MEDIUM This Month

Inadequate HTML attribute sanitization in the cleanattributes() function of the Joomla! Framework Filter package exposes a cross-site scripting (XSS) vector across versions 1.0.0-3.0.5 and 4.0.0-4.0.1. An attacker holding high-privileged (administrative) access can inject malicious script content through unfiltered HTML attributes; when a victim user passively views that content, the payload executes in their browser, yielding high confidentiality impact (VC:H) consistent with session token or credential theft. No public exploit code exists and this vulnerability is not listed in CISA KEV, placing real-world risk well below what the CVSS 6.9 base score might initially suggest.

XSS Joomla Framework Filter Package
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35222 MEDIUM This Month

Authenticated blind SQL injection in Joomla! CMS's com_tags component allows high-privileged attackers to exfiltrate database contents by supplying maliciously crafted ORDER BY clauses that are not properly validated. Affected versions span two distinct release trains: the 4.x/5.x line (4.0.0 through 5.4.5) and the 6.x line (6.0.0 through 6.1.0), meaning the vulnerability persists across both legacy and current major releases. No public exploit code has been identified at time of analysis, and the EPSS score of 0.00% indicates negligible automated exploitation probability, though the high-privilege requirement significantly limits the realistic attacker pool.

SQLi Joomla Cms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-44707 MEDIUM PATCH This Month

Pre-Account Takeover in Chatwoot's OmniAuth integration affects all releases from 2.14.0 through 4.12.x, allowing an attacker who pre-registers a victim's email address to retain persistent login access after the legitimate owner authenticates via Google OAuth. The OAuth callback controller failed to invalidate attacker-set password credentials when confirming a pre-existing unconfirmed account, leaving the attacker's session viable indefinitely. No public exploit identified at time of analysis and EPSS is 0.04% (12th percentile), consistent with SSVC's 'Exploitation: none' finding, though SSVC rates technical impact as 'total' given the attacker gains full workspace access including PII, API keys, and conversation history.

Information Disclosure Google Chatwoot
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-9534 LOW POC Monitor

OS command injection in Totolink CA750-PoE 6.2c.510 allows a low-privileged remote attacker to execute arbitrary operating system commands by manipulating the PIN argument passed to the setWiFiWpsConfig function within /cgi-bin/cstecgi.cgi. The attack requires no user interaction and is reachable over the network, making it a credible threat to any deployment exposing the device's management interface. A public proof-of-concept exploit has been published on GitHub, and EPSS places this at the 87th percentile of exploitation likelihood despite a low raw CVSS 4.0 score of 2.1 - a signal worth noting against the mismatch.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9533 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 enables remote attackers with low-level credentials to execute arbitrary operating system commands via the fwUrl and magicid parameters of the recvUpgradeNewFw function within /cgi-bin/cstecgi.cgi. The firmware upgrade Setting Handler fails to sanitize user-supplied input before passing it to the underlying OS shell, exposing the device to command execution. A public proof-of-concept exploit is available on GitHub; while not yet listed in CISA KEV, the EPSS 87th-percentile ranking signals elevated real-world exploitation interest relative to the broader vulnerability landscape.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9532 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary shell commands by manipulating the FileName argument passed to the setUploadUserData function within the /cgi-bin/cstecgi.cgi Setting Handler. A public proof-of-concept exploit is available on GitHub, meaningfully lowering the skill barrier for adversaries. While not listed in CISA KEV, the EPSS score of 2.95% at the 87th percentile signals real-world exploitation probability well above average, making this a higher practical risk than the CVSS 4.0 base score of 2.1 alone would suggest.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-9531 LOW POC Monitor

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-adjacent authenticated attacker to execute arbitrary operating system commands by manipulating the FileName argument passed to the setUpgradeUboot function within the /cgi-bin/cstecgi.cgi Setting Handler. Publicly available exploit code exists, hosted on GitHub, making exploitation accessible to low-skilled attackers. No public exploit identified in CISA KEV at time of analysis, though the EPSS 87th percentile ranking signals elevated exploitation interest relative to the broader CVE population despite a low absolute probability of 2.95%.

Command Injection Ca750 Poe
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
2.9%
CVE-2026-48685 MEDIUM This Month

Out-of-bounds memory access in FastNetMon Community Edition through 1.2.9 allows an authenticated BGP peer to crash the monitoring process by sending a crafted UPDATE message. The parser in src/bgp_protocol.hpp correctly detects the RFC 4271 Extended Length flag but reads only one byte of the mandatory two-byte length field, silently truncating attribute lengths above 255 bytes and causing cascading misparse of subsequent BGP data. With CVSS availability impact rated High and SSVC confirming no known active exploitation, this is a targeted denial-of-service risk primarily affecting network operators using FastNetMon for DDoS detection - no public exploit code identified at time of analysis.

Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy