Skip to main content
CVE-2026-9543 HIGH POC This Week

OS command injection in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the admpass argument sent to the setPasswordCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework rates technical impact as total with automatable exploitation, though EPSS remains low at 0.20%. The flaw is reachable over the network without authentication or user interaction, giving an attacker full control of the device.

Command Injection N300Rh
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.2%
CVE-2026-46368 HIGH POC This Week

Authenticated command injection in luci-app-https-dns-proxy through version 2025.12.29-5 allows a low-privileged LuCI user holding the luci.https-dns-proxy ACL permission to execute arbitrary commands as root on OpenWrt devices via shell metacharacters in the 'name' parameter of a ubus RPC call to setInitAction. Publicly available exploit code exists (Exploit-DB 52521, VulnCheck advisory), though EPSS remains low at 0.06% and the package is an optional community add-on not installed by default. Core OpenWrt installations are unaffected; only systems that explicitly opted into this LuCI add-on are at risk.

Command Injection Luci App Https Dns Proxy
NVD Exploit-DB GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-42785 HIGH POC This Week

Remote code execution in OpenKM Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) allows authenticated administrators to execute arbitrary Java/BeanShell code via the /admin/Scripting endpoint using the action=Evaluate parameter. Publicly available exploit code exists (Exploit-DB 52520 and a Nuclei template from Terra System Labs), though no active exploitation has been confirmed in CISA KEV; EPSS sits at 0.42% (62th percentile), reflecting moderate-but-not-widespread interest.

Code Injection Java RCE Openkm Community Edition Openkm Professional Edition
NVD Exploit-DB GitHub VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-42425 HIGH POC This Week

Authenticated SQL injection in OpenKM Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) lets administrative users execute arbitrary SQL against the application database through the /admin/DatabaseQuery endpoint's qs parameter. Publicly available exploit code exists (Exploit-DB 52520 and a Nuclei template from Terra System Labs), enabling dumping of password hashes from OKM_USER, permission tampering, and data destruction. EPSS is very low (0.03%) and the bug requires high privileges (PR:H), so real-world risk is bounded but meaningful for any internet-facing OpenKM instance with weak admin credentials.

Information Disclosure SQLi Openkm Community Edition Openkm Professional Edition
NVD Exploit-DB GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-11482 HIGH PATCH CISA Act Now

Denial of service in B&R Industrial Automation PPT30 Operating System versions before 1.8.0 allows unauthenticated network attackers to permanently disable the OPC-UA Server through resource exhaustion. The flaw stems from missing throttling on resource allocation (CWE-770) and carries a CVSS 4.0 score of 8.7 due to high availability impact via the network with no privileges or user interaction. EPSS is low at 0.04% and no public exploit has been identified at time of analysis, though SSVC marks the issue as automatable with partial technical impact.

Denial Of Service Ppt30 Operating System
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-8890 HIGH This Week

Authentication bypass in code100x CMS Mobile API allows unauthenticated remote attackers to impersonate any enrolled user or administrator by supplying a crafted JSON payload in the 'g' HTTP header alongside an unvalidated 'Auth-Key' header. The middleware shortcuts identity verification whenever an Auth-Key is present without checking its value, letting downstream mobile course endpoints trust attacker-supplied identity claims. Publicly available exploit code exists via the upstream GitHub PR diff, though EPSS probability remains low at 0.08%.

Authentication Bypass Code100X
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-24187 HIGH PATCH This Week

Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8676 HIGH PATCH This Week

Bluetooth LE bond downgrade in Silicon Labs Simplicity SDK allows an adjacent attacker to weaken connection security by deleting an existing bond, impersonating the previously bonded peer, and forcing a new pairing under attacker-controlled parameters. The flaw enables compromise of confidentiality, integrity, and availability of BLE communications on devices built with the affected SDK, and no public exploit has been identified at time of analysis.

Authentication Bypass Simplicity Sdk
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8047 HIGH PATCH This Week

Denial of service in CODESYS Control runtime products and HMI/Toolkit components allows unauthenticated remote attackers to crash affected industrial control systems by sending malformed HTTP requests that trigger a size-limited out-of-bounds write during length parsing. The flaw affects a broad range of CODESYS runtime variants used across PLCs, industrial PCs, and embedded controllers from vendors like Beckhoff, WAGO, and Raspberry Pi-based deployments. No public exploit identified at time of analysis, EPSS is low (0.07%), but the network-reachable, no-privileges-required attack surface makes this operationally significant for OT environments.

Denial Of Service Buffer Overflow Codesys Control Rte Sl Codesys Control Rte For Beckhoff Cx Sl Codesys Control Win Sl +13
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-40033 HIGH PATCH This Week

Heap buffer overflow in FreeRDP versions prior to 3.26.0 allows a malicious RDP server to write out-of-bounds heap memory on connecting clients through the gdi_CacheToSurface function, potentially leading to remote code execution or client crash. The flaw stems from inconsistent rectangle validation where coordinates are clamped to UINT16_MAX but copy operations use unclamped cache entry dimensions. Publicly available exploit code exists per SSVC, though EPSS exploitation probability remains low at 0.06%.

Heap Overflow Buffer Overflow RCE Freerdp
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-43982 HIGH PATCH This Week

Path traversal in Algernon web server versions prior to 1.17.6 allows remote unauthenticated attackers to write uploaded files outside the intended directory by supplying a directory parameter containing ../ sequences. The flaw in uploadedFileSaveIn() within lua/upload/upload.go fails to validate the joined path after filepath.Join(), so a value like ../../../tmp resolves to /tmp on the host. No public exploit identified at time of analysis, and EPSS is very low (0.05%), but CISA SSVC flags the issue as automatable with partial technical impact.

Path Traversal Algernon
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44669 HIGH PATCH This Week

Stored cross-site scripting in Faction (a penetration testing report generation and collaboration framework) versions prior to 1.8.3 allows authenticated low-privilege users to persist attacker-controlled JavaScript via attachment filenames that are later rendered without output encoding when other users preview assessment files. Because payloads execute in privileged victims' browsers under the application origin, an attacker can hijack manager or admin sessions; SSVC rates technical impact as total though EPSS sits at 0.03% (10th percentile) and no public exploit identified at time of analysis.

XSS Faction
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-44667 HIGH PATCH This Week

Stored cross-site scripting in Faction penetration testing platform versions prior to 1.8.3 allows authenticated users to inject JavaScript via crafted attachment filenames in remediation verification flows, which then executes in the browser of any user viewing the affected verification or remediation views. With CVSS scope-changed impact (S:C) and high confidentiality and integrity impact, exploitation can hijack privileged manager or assessor sessions; no public exploit identified at time of analysis and EPSS sits at 0.03% (10th percentile).

XSS Faction
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-44729 HIGH This Week

Stored cross-site scripting in Twenty CRM versions 1.18.0 and earlier allows authenticated users to upload HTML/JavaScript files that the application then serves without security headers, enabling execution in the CRM's origin. Successful exploitation leads to session hijacking, account takeover, and theft of CRM data. No public exploit identified at time of analysis, and EPSS exploitation probability is 0.03% (10th percentile), though SSVC rates technical impact as total.

XSS Twenty
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-35223 HIGH This Week

Authorization bypass in Joomla CMS com_config webservice endpoints allows authenticated attackers with high privileges to access configuration data they should not be permitted to reach, impacting confidentiality, integrity, and availability of the affected site. The flaw spans Joomla 4.0.0-5.4.5 and 6.0.0-6.1.0 and was disclosed by the Joomla! Project itself with a CVSS 4.0 base of 8.6. No public exploit identified at time of analysis and EPSS is very low at 0.04%.

Authentication Bypass Joomla Cms
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-42089 HIGH PATCH GHSA This Week

Arbitrary package installation leading to code execution affects the yeoman-environment npm library (the runtime behind the Yeoman/`yo` scaffolding CLI) in versions >= 2.9.0 and < 6.0.1. The vulnerable `installLocalGenerators()` method silently calls `repository.install()` on caller-supplied package names without any user confirmation, so a downstream CLI that passes attacker-controlled project configuration into this path will install and execute attacker-chosen packages during bootstrap. There is no public exploit identified at time of analysis and the issue is not on CISA KEV; CVSS is 8.6 (high) but exploitation is contingent on how consumers feed configuration into the library.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-44706 HIGH PATCH This Week

SQL injection in Chatwoot versions 2.2.0 through 4.11.1 allows any authenticated account user to execute arbitrary SQL via time-based blind injection by abusing unparameterized values in custom-attribute filter operators on the conversation, contact, and custom attribute definition APIs. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.03%, 8th percentile), but CVSS 8.5 with scope-changed confidentiality impact reflects the ability to read data beyond the attacker's account boundary. The vulnerability is fixed in Chatwoot 4.11.2.

SQLi Chatwoot
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-40034 HIGH POC PATCH GHSA This Week

Command injection in the gitoxide Rust library (gix-submodule crate before 0.82.0, gix before 0.83.0) allows attackers controlling a repository's .gitmodules file to bypass the CommandForbiddenInModulesConfiguration guard and achieve arbitrary command execution when Submodule::update() runs against a previously-initialized submodule. The flaw stems from gix_submodule::File::update() checking only whether a same-named section exists in .git/config rather than verifying that the update value itself originated from that trusted source, so an attacker-supplied 'update = !cmd' falls through to execution. Publicly available exploit code exists (PoC referenced by VulnCheck and Anthropic), though EPSS is low (0.02%) and the issue is not in CISA KEV.

RCE Command Injection Gitoxide
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-44469 HIGH PATCH This Week

Local privilege escalation in CODESYS Development System versions 3.0.0.0 through 3.5.22.19 allows a low-privileged local attacker to win a TOCTOU race condition during administrative installation, swapping verified installer files for malicious ones before they execute with elevated rights. The flaw stems from insecure default permissions on the temporary extraction directory used by the installer. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.01%, 1st percentile).

Privilege Escalation Codesys Development System
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-44468 HIGH PATCH This Week

Local privilege escalation in CODESYS Development System versions 3.0.0.0 through 3.5.22.20 allows low-privileged users on a Windows host to tamper with a temporary component manifest written during administrative installation, forcing deployment of attacker-chosen components with elevated rights. The flaw stems from insecure default permissions (CWE-276) on a directory used during install and was reported by CERT@VDE. EPSS is 0.01% and SSVC reports no observed exploitation, so this is a high-impact but currently low-prevalence local issue.

Privilege Escalation Codesys Development System
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-5260 HIGH PATCH This Week

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap overread against TLS servers that perform legacy RSA key exchange using a private key backed by a PKCS#11 token. By sending an abnormally short premaster secret, the attacker causes the library to read beyond an allocated buffer (CWE-1284), which can leak a small amount of adjacent heap memory and, per the CVSS vector, more strongly impacts availability (A:H). No public exploit has been identified at time of analysis and the issue is not in CISA KEV; EPSS and SSVC data were not provided.

Buffer Overflow Information Disclosure Microsoft Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +5
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-48126 HIGH PATCH GHSA This Week

Path traversal in xyproto's Algernon web server prior to 1.17.8 lets unauthenticated remote attackers escape the document root via a crafted Host header when the server runs with --domain or --letsencrypt. Beyond arbitrary file read and directory listing, any reachable .lua file in the parent directory will be executed server-side, escalating disclosure into code execution. No public exploit is identified at time of analysis, but SSVC marks the issue as automatable with PoC and EPSS sits at the 20th percentile (0.07%).

Path Traversal Algernon
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-48897 HIGH This Week

Authentication bypass in Joomla! CMS 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to circumvent multi-factor authentication (MFA) due to insufficient state validation during the login flow. The flaw, tracked as CVE-2026-48897 and reported by the Joomla! project, undermines the integrity protections expected from 2FA and could grant attackers access to accounts whose credentials are already known or guessable. EPSS probability is low (0.04%, 13th percentile) and there is no public exploit identified at time of analysis.

Authentication Bypass Joomla Cms
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-43981 HIGH PATCH This Week

Denial of service in Algernon web server versions prior to 1.17.6 stems from a race condition in the Lua handler engine where the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute on the non-goroutine-safe gopher-lua LState. Concurrent HTTP requests corrupt the shared Lua VM state, causing server instability. No public exploit identified at time of analysis, and EPSS is very low (0.04%), but reproduction is trivial under modest load (ab -n 1000 -c 100).

Information Disclosure Race Condition Algernon
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-42013 HIGH PATCH This Week

Certificate validation bypass in GnuTLS (as shipped in Red Hat Enterprise Linux 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images) lets a remote attacker defeat hostname verification: when a certificate carries an oversized Subject Alternative Name, the library incorrectly abandons SAN matching and falls back to the legacy Common Name field, accepting certificates it should reject. An attacker positioned to intercept traffic can present such a certificate to impersonate a trusted server and conduct spoofing or man-in-the-middle attacks against TLS clients that rely on GnuTLS. There is no public exploit identified at time of analysis, no CISA KEV listing, and no EPSS score in the provided data.

Authentication Bypass Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-48896 HIGH This Week

Two-factor authentication bypass in Joomla! CMS versions 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to circumvent MFA checks due to insufficient state validation during the authentication flow. The flaw (CWE-287) was disclosed by the Joomla! project itself and tracked as EUVD-2026-31890; no public exploit identified at time of analysis and EPSS is very low (0.01%, 2nd percentile), but the integrity impact is high since attackers reaching this path effectively defeat the second authentication factor.

Authentication Bypass Joomla Cms
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-48904 HIGH This Week

Privilege escalation in Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 allows remote attackers to abuse an improper access check in the com_users group editing webservice endpoint to elevate privileges. The CVSS 4.0 vector indicates network-reachable exploitation without authentication or user interaction, with high impact to integrity but no confidentiality or availability impact. There is no public exploit identified at time of analysis and EPSS is effectively 0%, but the vendor advisory confirms the access-control flaw.

Authentication Bypass Joomla Cms
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-48898 HIGH This Week

Privilege escalation in Joomla! CMS versions 4.0.0-5.4.5 and 6.0.0-6.1.0 allows remote attackers to abuse the com_users batch task due to an improper access check (CWE-284). The flaw enables unauthorized modification of user accounts and elevation of privileges across affected installations, with no public exploit identified at time of analysis. EPSS scoring is 0.00% and the vulnerability is not listed in CISA KEV, but the CVSSv4 base score of 8.2 reflects high integrity impact.

Authentication Bypass Privilege Escalation Joomla Cms
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-8855 HIGH PATCH This Week

Remote code execution and denial of service in IBM HTTP Server 8.5 and 9.0 affects deployments configured with TLS mutual (client certificate) authentication, where an attacker can trigger code injection (CWE-94) over the network without prior authentication. The flaw carries a CVSS 8.1 score with high attack complexity, and IBM has published a patch (advisory node/7274065); no public exploit has been identified at time of analysis and SSVC marks exploitation as 'none' with total technical impact.

Denial Of Service Code Injection IBM RCE Http Server
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-43935 HIGH PATCH This Week

Host Header Injection in e107 CMS versions prior to 2.3.4 allows remote attackers to poison password reset emails by manipulating the HTTP Host header, producing reset links that point to attacker-controlled domains. Successful exploitation enables credential harvesting and full account takeover, including administrator accounts, when a victim clicks the malicious reset link. Publicly available exploit code exists per SSVC, though EPSS (0.13%) suggests low broad-scale exploitation activity and the issue is not on the CISA KEV list.

Code Injection E107
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-48132 HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to crash the VPN processing service by sending specially crafted IKE packets over NAT-T (UDP/4500). Multiple supported releases (R81.10 and below, R81.20, R82, R82.10) are affected up to specific Jumbo Hotfix takes. No public exploit identified at time of analysis, and EPSS is low at 0.06% (17th percentile), suggesting limited near-term exploitation likelihood despite the 8.1 CVSS score.

Denial Of Service Information Disclosure Buffer Overflow Quantum Security Gateway
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-48695 HIGH This Week

OS command injection in FastNetMon Community Edition through 1.2.9 lets an authenticated network attacker execute arbitrary shell commands via the MikroTik router integration plugin by influencing argv[] values passed to the unsanitized _log() function. The flaw mirrors a previously disclosed Juniper plugin issue in the same project, and while a public technical write-up exists at lorikeetsecurity.com, no public exploit code or active exploitation has been identified, with EPSS at 0.05% (17th percentile).

PHP Mikrotik Juniper Command Injection N A
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-48694 HIGH This Week

Configuration injection in FastNetMon Community Edition through 1.2.9 allows an attacker who controls the attacker IP string passed to the Juniper integration plugin to inject arbitrary Juniper NETCONF set/delete commands, leading to full router compromise. The flaw lives in the PHP-based Juniper plugin where unsanitized argv input is interpolated into NETCONF commands, and although no public exploit identified at time of analysis (EPSS 0.03%), the technical impact is rated total under SSVC and CVSS scores 8.1.

PHP Juniper Command Injection N A
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-48692 HIGH This Week

Unauthenticated gRPC API exposure in FastNetMon Community Edition through 1.2.9 allows adjacent network attackers to invoke security-critical RPC methods including ExecuteBan and ExecuteUnBan without credentials. The server explicitly uses grpc::InsecureServerCredentials() on port 50052, enabling attackers to blackhole legitimate traffic via BGP announcements, disable active DDoS mitigations, and trigger external script execution via popen(). No public exploit identified at time of analysis, and EPSS is low at 0.03%, but CISA SSVC rates technical impact as total.

Denial Of Service Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-48131 HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to terminate the VPN service by sending a malformed IKE fragment to UDP port 500 during the early phase of a connection attempt. The flaw affects multiple R81.x, R82, and R82.10 release trains running below specific Jumbo Hotfix Takes; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Heap Overflow Buffer Overflow Quantum Security Gateway
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-8834 HIGH PATCH This Week

Heap-based buffer overflow in IBM HTTP Server 8.5 and 9.0 allows an attacker already authenticated to the Administration Server to execute arbitrary code or crash the service. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis despite the high CVSS 8.0 rating. EPSS probability is negligible (0.01%) and SSVC marks exploitation as 'none,' indicating the issue is currently a patch-and-move-on item rather than an emergency.

Denial Of Service Heap Overflow IBM Buffer Overflow Http Server
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-24162 HIGH This Week

Insecure deserialization in NVIDIA Merlin Transformers4Rec on Linux allows a local attacker to achieve code execution, data tampering, and information disclosure by tricking a user into loading a malicious serialized object. The flaw affects all Main-branch commits prior to March 11, 2026, and currently has no public exploit identified at time of analysis, with a very low EPSS score (0.02%) reflecting limited real-world activity. CISA SSVC classifies exploitation as 'none' but technical impact as 'total', placing it firmly in the supply-chain/MLOps risk category rather than a mass-exploitation threat.

Information Disclosure Nvidia Deserialization RCE Merlin Transformers4Rec
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7454 HIGH PATCH This Week

Arbitrary code execution in Autodesk 3ds Max 2026 and 2027 occurs when the application parses a maliciously crafted WRL (VRML) file, leading to memory corruption that runs attacker-controlled code in the context of the current user. The flaw requires user interaction to open a malicious file and has no public exploit identified at time of analysis, with EPSS estimating only a 0.01% exploitation probability over the next 30 days. SSVC rates technical impact as total but classifies exploitation as 'none' and not automatable, consistent with a client-side file-format attack rather than a wormable internet-facing flaw.

Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48864 HIGH PATCH This Week

Heap buffer overflow in libsolv allows local attackers to corrupt memory when a vulnerable application processes a maliciously crafted .solv repository metadata file. The flaw stems from insufficient input validation during decompression of attacker-controlled data, enabling information disclosure, control-flow alteration, or denial of service across multiple Red Hat Enterprise Linux releases and SUSE distributions. SSVC marks exploitation as PoC-level with total technical impact, while EPSS remains very low at 0.01%, indicating limited probability of widespread exploitation despite high severity.

Denial Of Service Information Disclosure Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +7
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25104 HIGH This Week

Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw affects MediaInfoLib 26.01 and was reported by Cisco Talos (TALOS-2026-2367); no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.01%.

Integer Overflow Buffer Overflow Mediainfolib
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25713 HIGH This Week

Heap buffer overflow in MediaArea MediaInfoLib's ID3v2 metadata parser allows local attackers to achieve arbitrary code execution when a victim opens a crafted media file. The flaw affects MediaInfoLib 26.01 and requires user interaction to trigger, with no public exploit identified at time of analysis. While CVSS rates it 7.8 (High), the very low EPSS score (0.01%) and SSVC 'Exploitation: none' signal suggest no widespread targeting is occurring.

Heap Overflow Buffer Overflow Mediainfolib
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25112 HIGH PATCH This Week

Local privilege escalation in Genetec RabbitMQ deployments and multiple dependent Genetec products allows a low-privileged local user to gain high-impact control over confidentiality, integrity, and availability. The flaw stems from incorrect permission assignment (CWE-732) in how Genetec deploys RabbitMQ, with no public exploit identified at time of analysis and an EPSS score of 0.01% indicating minimal predicted exploitation activity. The vendor (Genetec) discovered and disclosed the issue and has released fixed versions across the affected product line.

Privilege Escalation Genetec Rabbitmq Genetec Mission Control Genetec Sipelia Genetec Industrial Iot +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24193 HIGH PATCH This Week

Local privilege escalation in the NVIDIA Display Driver for Windows and Linux allows an authenticated low-privileged user to trigger an out-of-bounds write (CWE-787) in the kernel-mode driver, potentially leading to code execution, privilege escalation, information disclosure, data tampering, or denial of service. The flaw affects GeForce, RTX/Quadro/NVS, and Tesla product lines, with NVIDIA confirming the vulnerability and releasing patched driver versions. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.01%.

Nvidia Memory Corruption RCE Information Disclosure Microsoft +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24192 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.

Nvidia RCE Information Disclosure Buffer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24191 HIGH This Week

Local privilege escalation in NVIDIA Display Driver for Windows (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest/manager components) stems from a time-of-check time-of-use (TOCTOU) race condition that can be abused by a low-privileged local user. Successful exploitation may yield code execution, privilege escalation, denial of service, information disclosure, or data tampering with scope change beyond the driver's security boundary. No public exploit identified at time of analysis; EPSS is 0.01% and SSVC exploitation status is 'none', so the practical risk is contingent on local access and winning a high-complexity race.

Nvidia RCE Information Disclosure Microsoft Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24194 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest drivers) allows an authenticated local user to abuse improper permission handling in a kernel mode layer handler, enabling code execution, privilege elevation, and data tampering. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, but the attack vector is local and authenticated. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC marks technical impact as total.

Nvidia RCE Linux Information Disclosure Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24190 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Windows and Linux allows authenticated low-privilege users to improperly access GPU resources via a kernel mode layer flaw, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service. The issue affects GeForce, RTX/Quadro/NVS, and Tesla product lines across multiple driver branches and carries a CVSS 7.8 (High) score. No public exploit identified at time of analysis, and EPSS probability is very low (0.01%), but the breadth of affected hardware and total technical impact warrant prompt patching.

Nvidia RCE Linux Information Disclosure Microsoft +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7452 HIGH PATCH This Week

Arbitrary code execution in Autodesk 3ds Max 2026 (<2026.1) and 2027 (<2027.1) is possible when a user opens a maliciously crafted WRL (VRML) file, triggering a memory corruption (buffer overflow) condition that runs attacker code in the context of the 3ds Max process. The flaw was reported by Autodesk itself and carries a CVSS 7.8 (local, user-interaction required); no public exploit has been identified and EPSS is 0.01%, indicating no observed exploitation activity to date. SSVC rates technical impact as total but exploitation as none and not automatable, consistent with a file-format parser bug requiring social engineering.

Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7451 HIGH PATCH This Week

Out-of-bounds write in Autodesk 3ds Max 2026 and 2027 enables arbitrary code execution when a user opens a maliciously crafted TIF image file, with impact ranging from process crash to data corruption to code execution in the context of the running application. The flaw requires local file handling and user interaction (UI:R), and there is no public exploit identified at time of analysis. EPSS is negligible (0.01%) and SSVC marks exploitation status as none, but the technical impact is rated total, making this a credible client-side risk for design and VFX workstations.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43306 HIGH PATCH This Week

Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root by exploiting a logic flaw (improper privilege management) that was resolved with additional validation checks. The flaw affects macOS Sonoma before 14.8, macOS Sequoia before 15.7, and macOS Tahoe before 26, and was reported by Apple itself. There is no public exploit identified at time of analysis and no EPSS or KEV signal was provided, indicating no confirmed active exploitation.

Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy