Skip to main content
CVE-2026-45247 CRITICAL POC KEV PATCH THREAT NEWS Act Now

Remote code execution in Mirasvit Full Page Cache Warmer for Magento 2 before 1.11.12 allows unauthenticated attackers to execute arbitrary code by sending a crafted serialized PHP object in the CacheWarmer cookie. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and successful exploitation chains Magento and dependency gadget chains via an unsafe call to unserialize(). Despite a low EPSS score (0.10%), KEV listing and CVSS 9.3 indicate this is a high-priority patch for any Magento 2 store running the module.

PHP Adobe Deserialization RCE Full Page Cache Warmer For Magento 2
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
Threat
4.9
CVE-2026-4480 CRITICAL POC PATCH Act Now

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via crafted print job descriptions. The flaw stems from unescaped expansion of the client-controlled '%J' substitution token into the configured 'print command', enabling shell metacharacter injection. No public exploit has been identified at time of analysis, and EPSS scores exploitation probability at only 0.08%, but CVSS 9.0 with scope change reflects high potential impact on any Samba host exposing print services.

RCE Command Injection Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +3
NVD VulDB
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-7251 CRITICAL CISA Emergency

Hard-coded VNC password in the Eppendorf BioFlo 320 bioprocess control system allows any remote attacker who can reach the device on the network to take full control of its user interface without authentication. The flaw (CWE-259) is rated CVSS 9.3 and carries an SSVC technical impact of 'total' with automatable exploitation, though no public exploit has been identified at time of analysis and EPSS is low at 0.10%.

Authentication Bypass Bioflo 320
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-46624 CRITICAL Act Now

Remote code execution in Twenty CRM versions 1.7.7 through 1.16.7 allows authenticated users to execute arbitrary OS commands on the database server by chaining SQL injection in the REST API groupBy endpoint with PostgreSQL's COPY TO PROGRAM functionality. The unsanitized timeZone parameter is interpolated directly into raw SQL via JavaScript template literals, and exploitation succeeds whenever the application's Postgres role holds superuser privileges. Publicly available exploit code exists per SSVC, though EPSS scoring (0.15%) suggests exploitation activity has not yet become widespread.

RCE SQLi PostgreSQL Command Injection Twenty
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-7374 CRITICAL PATCH GHSA Act Now

Privilege escalation to cluster-wide control in KubeVirt's virt-handler component (as shipped in Red Hat OpenShift Virtualization 4) allows a namespace-scoped OpenShift user with edit permissions to hijack the virt-handler's privileged Unix socket connection via a symlink swap on a virtual machine console socket. Successful exploitation leads to interaction with arbitrary host Unix sockets, including CRI-O, enabling node takeover and cluster compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.12%, 30th percentile), but CVSS is 9.9 with a scope change reflecting the host/cluster blast radius.

Information Disclosure Red Hat Openshift Virtualization 4
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-44450 CRITICAL PATCH Act Now

Remote code execution in Lumiverse AI chat application prior to 0.9.7 allows any authenticated user to run arbitrary OS-level commands on the server by abusing the MCP server creation endpoint. Although the endpoint allowlists binary names (node, bun, python3, deno), it forwards user-controlled args unfiltered to the child process, and every allowed binary supports inline code execution flags (-e or -c). No public exploit identified at time of analysis, but the CVSS 9.9 rating reflects the trivial exploit path and the fact that the server binds on all interfaces with a bypassable host-header rebinding check.

RCE Lumiverse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-8633 CRITICAL PATCH Act Now

Remote code execution in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 allows unauthenticated network attackers to execute arbitrary code via a specially crafted HTTP request. The CVSS 9.8 rating reflects complete confidentiality, integrity, and availability impact with no authentication or user interaction required, though EPSS scores it at only 0.20% probability and CISA SSVC reports no current exploitation. No public exploit has been identified at time of analysis, but IBM has released a patch.

Code Injection IBM RCE Web Server Plug Ins For Websphere Application Server And Websphere Liberty
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-44668 CRITICAL PATCH Act Now

Unauthenticated authorization bypass in FACTION pentesting report framework prior to 1.8.3 allows remote attackers to read, modify, deactivate, and delete any boilerplate report template without credentials. The flaw stems from AccessControlInterceptor invoking actions without session validation, compounded by four BoilerPlateConfig action methods that perform no local auth check. No public exploit identified at time of analysis, though EPSS is low (0.15%) and SSVC rates exploitation as POC with total technical impact.

Authentication Bypass Faction
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-9170 CRITICAL PATCH Act Now

Remote code execution and denial of service in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 stem from improper input validation (CWE-444 HTTP Request Smuggling). Unauthenticated network attackers can send crafted requests that desynchronize the plug-in's request parsing, potentially achieving full compromise of the application tier. No public exploit identified at time of analysis, and EPSS remains low (0.06%), but the vendor confirms a patch and CISA SSVC rates the technical impact as total with automatable exploitation.

Denial Of Service IBM Request Smuggling RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-9642 CRITICAL Act Now

Unauthenticated remote database access in Delta Electronics DIAView allows network-based attackers to reach configured project databases without credentials, bypassing the prior mitigation issued for CVE-2025-62582. The flaw carries a CVSS 9.8 rating with full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis, but the original CVE it incompletely patches has known prior research from Tenable.

Authentication Bypass Diaview
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3660 CRITICAL PATCH Act Now

Authorization bypass in IBM Engineering Lifecycle Management (ELM) 7.0.3, 7.1.0, and 7.2.0 allows unauthenticated remote attackers to modify server property files and gain unauthorized access to the application. The flaw carries a critical CVSS 9.8 score with full confidentiality, integrity, and availability impact, and IBM has released Interim Fixes addressing it. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.03%, 10th percentile).

Authentication Bypass IBM Engineering Lifecycle Management
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-48686 CRITICAL Act Now

Stack-based buffer overflow in FastNetMon Community Edition through 1.2.9 allows remote unauthenticated attackers to achieve arbitrary code execution by sending a crafted BGP UPDATE message containing a malformed NLRI prefix length value. The vulnerable function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from the wire without bounding it to the IPv4 maximum of 32, enabling a memcpy of up to 32 bytes into a 4-byte stack variable - a potential 28-byte stack smash. Despite a critical CVSS score of 9.8 and SSVC technical impact rated 'total', EPSS sits at just 0.02% (7th percentile) and SSVC exploitation status is 'none', indicating no known active exploitation at time of analysis; however, a public security research writeup from Lorikeetsecurity exists that details the flaw.

Buffer Overflow RCE N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-48902 CRITICAL Act Now

Transport encryption downgrade in Joomla! CMS password and username reset workflows causes reset links to be generated with plain HTTP URLs instead of HTTPS when the 'Force SSL' configuration flag is not explicitly enabled. Affected installations span Joomla! 3.9.0 through 5.4.5 and 6.0.0 through 6.1.0, exposing reset tokens to network interception. No public exploit identified at time of analysis, and EPSS scores exploitation probability at 0.02% (5th percentile) despite the 9.8 CVSS rating.

Information Disclosure Joomla Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-48691 CRITICAL Act Now

Heap buffer overflow in FastNetMon Community Edition through 1.2.9 originates from a CWE-190 integer overflow in the BGP AS_PATH attribute encoder (IPv4UnicastAnnounce::get_attributes() in src/bgp_protocol.hpp). When an AS_PATH carries more than 63 ASNs, the computed attribute length is silently truncated into a uint8_t field used for buffer sizing while the full data is still written, corrupting the heap. The CVSS 9.8 score implies remote unauthenticated code execution, though the flaw lives in FastNetMon's outbound BGP announcement encoder; no public exploit is identified at time of analysis and no EPSS or KEV data was supplied.

Integer Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-48687 CRITICAL Act Now

OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped exec() call inside the Juniper router integration plugin, enabling arbitrary shell command execution on the host. The flaw lives in the _log() function of src/juniper_plugin/fastnetmon_juniper.php, where the $msg argument (built from argv[1]-argv[3]: attack IP, direction, power) is concatenated directly into a shell command. Although rated CVSS 9.8, practical exploitation is gated: FastNetMon's C++ core currently feeds IPs through inet_ntoa(), which only yields safe dotted-decimal strings, so injection requires the script to be driven directly or by a third-party orchestrator. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection PHP Juniper N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-48689 CRITICAL Act Now

Remote code execution in FastNetMon Community Edition through 1.2.9 stems from an off-by-one heap write in the pervasively-used dynamic_binary_buffer_t class, reachable by anyone who can send NetFlow, sFlow, IPFIX, or BGP traffic to the DDoS-detection appliance. Because the flawed buffer is exercised during BGP encoding/decoding, NetFlow template parsing, and Flow Spec NLRI construction, an unauthenticated network attacker can corrupt adjacent heap metadata and potentially execute arbitrary code. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

RCE Buffer Overflow Memory Corruption N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-9560 CRITICAL Act Now

Local privilege escalation in OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows unprivileged local users to execute arbitrary OS commands as root by abusing an exposed local IPC channel to the privileged background service. The flaw carries a CVSS 4.0 score of 9.4 with scope change (SC:H/SI:H/SA:H), and SSVC rates technical impact as total, though there is no public exploit identified at time of analysis and EPSS is only 0.04%.

Apple Privilege Escalation Command Injection Openvpn Connect
NVD VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-47202 CRITICAL PATCH Act Now

Authentication bypass in Kavita reading server versions prior to 0.9.0.2 allows remote unauthenticated attackers to obtain a valid JWT for any user account, including administrators, given only knowledge of the target username. The flaw stems from improper token validation logic and enables full account takeover without credentials. No public exploit identified at time of analysis, though SSVC rates technical impact as total and automatable.

Authentication Bypass Kavita
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-44451 CRITICAL PATCH Act Now

Sandbox escape in Lumiverse AI chat application versions prior to 0.9.7 allows remote attackers to execute arbitrary JavaScript in a victim's authenticated session by delivering a malicious theme pack (.lumitheme / .lumiverse-theme). The component override system's Sucrase-transpiled TSX sandbox is bypassed via string concatenation of blocked identifiers and DOM ref traversal to retrieve the real window object, defeating both static source validation and runtime global shadowing. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-rgp6-55rw-5xf4) documents the exact bypass technique.

Authentication Bypass Lumiverse
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-2264 CRITICAL PATCH Act Now

Server-Side Request Forgery in Google Cloud Apigee-X's SetIntegrationRequest policy enables remote attackers to coerce the API gateway into making attacker-controlled requests and exfiltrate service account access tokens from the underlying GCP metadata service. The flaw affects Apigee-X versions prior to 1.14.4, 1.15.2, and 1.16.1, but exploitation requires an administrator to have first deployed an API proxy with an insecure configuration. With no public exploit identified and a low EPSS score of 0.14%, the issue carries CVSS 9.2 severity primarily due to the high confidentiality and integrity impact on cloud credentials.

Google SSRF Apigee X
NVD
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-42496 CRITICAL PATCH Act Now

Symlink-based path traversal in the Perl module Archive::Tar before version 3.08 allows a malicious tar archive to write or point files outside the intended extraction directory. When an application extracts an attacker-supplied archive, symlink entries whose targets are absolute paths or contain '..' traversal sequences are followed without validation, letting an attacker place links that resolve to arbitrary filesystem locations. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the issue is rated CVSS 9.1 because Archive::Tar is widely embedded in automated server-side processing of untrusted archives.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-44444 CRITICAL PATCH Act Now

Host-level code execution in Lumiverse AI chat application (versions prior to 0.9.7) allows admin-authenticated attackers to run arbitrary commands on the host by submitting a malicious Spindle extension whose package.json defines lifecycle scripts. The Spindle build pipeline invokes bun install before its static safety scan and without script execution disabled, so code runs at install time on the server rather than at runtime in any sandboxed bundle. No public exploit identified at time of analysis.

Command Injection RCE Lumiverse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-44449 CRITICAL PATCH Act Now

Argument injection in Lumiverse AI chat application before version 0.9.7 enables authenticated high-privilege attackers to execute arbitrary OS commands on the host. When the primary toSmbPath(fullPath) routine throws, a fallback path concatenates the unvalidated basename into an smbclient -c script, where ';' acts as a subcommand separator and '!cmd' triggers a local shell escape. No public exploit identified at time of analysis, and the issue is not currently in CISA KEV.

Information Disclosure Lumiverse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy