Skip to main content
CVE-2026-9804 HIGH PATCH GHSA This Week

Arbitrary file read in KubeVirt's virt-exportserver component allows authenticated namespace users to exfiltrate sensitive files from the exporter pod via symlink-based path traversal in the VMExport directory endpoint. The flaw, reported by Red Hat and impacting Red Hat OpenShift Virtualization 4, carries a CVSS 7.7 score driven by scope change and high confidentiality impact, though no public exploit identified at time of analysis.

Information Disclosure Path Traversal Red Hat Openshift Virtualization 4
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-46123 HIGH PATCH This Week

Out-of-bounds read and information disclosure in the Linux kernel's virtio_bt (virtio Bluetooth) driver allows a malicious or buggy virtio backend to leak uninitialized kernel heap memory into received Bluetooth skbs. The virtbt_rx_work() function trusted the device-reported length from virtqueue_get_buf() without clamping it to the 1000-byte buffer actually exposed via sg_init_one(), so a hostile backend can report lengths between 1001 and skb_tailroom() - or 0 - causing skb_put() to expose untouched heap bytes or virtbt_rx_handle() to read an uninitialized pkt_type. No public exploit identified at time of analysis and EPSS is 0.02% (5th percentile), but a vendor patch is available.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-47179 HIGH PATCH GHSA This Week

Authenticated arbitrary file read in Arcane (Docker management UI) versions ≤ 1.19.3 allows any low-privileged user to read any file accessible to the backend process by abusing Docker Compose `include:` directives. Because `CreateProject` skips include-path validation that `UpdateProject` enforces, an attacker can register a project whose compose file points at `/etc/passwd` or `/app/data/arcane.db`, then fetch the contents via the project file API - yielding stored password hashes and API keys for all users, enabling admin takeover and host RCE through Arcane's Docker control plane. No public exploit identified at time of analysis; vendor patch is available in 1.19.4.

Docker Path Traversal Privilege Escalation
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-45296 HIGH PATCH This Week

Cross-tenant data exposure in OpenReplay self-hosted session replay suite (versions prior to 1.26.0) allows an attacker holding any valid API key for their own tenant to enumerate sessions and retrieve sensitive session event data belonging to other tenants. The flaw stems from app_apikey routes in the Python API that validate the API key and the existence of a projectKey independently, but never confirm the two belong to the same tenant. No public exploit identified at time of analysis, though the trivial nature of the abuse (substituting a browser-visible projectKey) makes weaponization straightforward.

Python Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-10009 HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the Skia graphics library, allowing a remote attacker who has already compromised the renderer process to execute code within the sandbox via a crafted HTML page. Chromium rates this High severity, and no public exploit has been identified at time of analysis, though the vulnerability is part of a multi-stage exploit chain where renderer compromise is a prerequisite. The CVSS 7.5 score reflects high attack complexity (AC:H) and required user interaction (UI:R), making mass exploitation less likely than the impact metrics alone would suggest.

Google RCE Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10003 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the Views UI component, allowing a remote attacker to execute arbitrary code if they can convince a user to perform specific UI gestures on a crafted HTML page. Chromium rates this as High severity and a vendor patch is available, but no public exploit has been identified at time of analysis.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9960 HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome's PDFium component (versions prior to 148.0.7778.216) is possible via an integer overflow triggered by a crafted font file. The flaw requires a pre-compromised renderer process and user interaction, and no public exploit identified at time of analysis, though Chromium rates it High severity.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9956 HIGH PATCH This Week

Remote code execution in Google Chrome on iOS prior to 148.0.7778.216 allows attackers to exploit a use-after-free memory corruption flaw when a victim is lured to a malicious HTML page and performs specific UI gestures. The issue carries a CVSS 7.5 (High) score with high attack complexity and required user interaction, and no public exploit has been identified at time of analysis.

Apple Use After Free RCE Memory Corruption Google +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9934 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the Aura UI framework component. A remote attacker who lures a user to a malicious HTML page and convinces them to perform specific UI gestures can execute arbitrary code within the browser process. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects high attack complexity combined with required user interaction.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9922 HIGH PATCH This Week

Renderer-to-browser sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 enables remote code execution via a use-after-free in the GPU process. An attacker who has already compromised the renderer can leverage a crafted HTML page to corrupt GPU process memory and execute arbitrary code outside the renderer sandbox. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Chromium rates the underlying severity as High.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9901 HIGH PATCH This Week

Sandbox escape and arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break memory safety and execute code in a higher-privileged context. No public exploit identified at time of analysis, though Chromium rates the underlying severity as High.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10005 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the WebAppInstalls component, enabling a remote attacker to execute arbitrary code in the renderer context when a victim is lured to a malicious page and performs specific UI gestures. Chromium rates the severity as High, and while no public exploit identified at time of analysis, the bug class (UAF) is historically a favored target for Chrome exploit chains. The high attack complexity and required user interaction lower the practical exploitability compared to one-click bugs.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46114 HIGH PATCH This Week

Remote information disclosure in the Linux kernel's RDMA Soft-RoCE (rxe) driver allows unauthenticated network attackers to leak adjacent kernel skb head-buffer memory by sending zero-length ATOMIC_WRITE RDMA packets. The flaw, tracked as CVE-2026-46114 and affecting kernels from 6.2 onward, lets a remote initiator extract 4 bytes of kernel tailroom per probe - including kernel strings and partial direct-map pointer words - into an attacker-controlled memory region. No public exploit identified at time of analysis and EPSS is low (0.05%, 17th percentile), but the vendor (kernel.org) has released stable patches across multiple branches.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-48116 HIGH PATCH This Week

Command injection in AnythingLLM prior to 1.13.0 allows attackers chatting with an agent to execute arbitrary commands inside the server container by abusing the filesystem-search-files skill. The LLM-controlled pattern parameter is passed to ripgrep without a '--' end-of-options separator, letting a crafted pattern like '--pre=/bin/sh' coerce ripgrep into executing files as shell scripts. The default official Docker image ships with the filesystem plugin enabled, making typical deployments exploitable; no public exploit identified at time of analysis.

Docker Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41565 HIGH PATCH This Week

Denial-of-service via stack buffer overflow in CryptX (Perl cryptography module) versions before 0.088_001 affects four AEAD decryption helpers that copy attacker-controlled authentication tags into a fixed 144-byte stack buffer without bounds checking. Remote attackers can crash any Perl application that passes untrusted tags to gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, or eax_decrypt_verify, resulting in process termination. No public exploit identified at time of analysis, and EPSS scoring (0.04%, 13th percentile) reflects low expected exploitation activity despite the network attack vector.

Buffer Overflow Stack Overflow Cryptx Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46835 HIGH This Week

Remote denial of service in Oracle Database Server 23.4.0 through 23.26.2 allows unauthenticated network attackers to crash or hang the Net Service component via crafted TLS traffic. The flaw scores CVSS 7.5 with availability-only impact and was disclosed by Oracle in the May 2026 Critical Patch Update; no public exploit identified at time of analysis.

Denial Of Service Oracle
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46834 HIGH This Week

Remote denial-of-service in Oracle Database Server's Net Service component (versions 23.4.0 through 23.26.2) allows unauthenticated attackers with TLS network access to hang or repeatedly crash the listener, producing a complete DoS of database connectivity. The flaw is rated CVSS 7.5 (availability-only) and was disclosed by Oracle in the May 2026 Critical Patch Update; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Denial Of Service Oracle
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46829 HIGH This Week

Remote denial-of-service in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated network attackers to cause a complete hang or repeatable crash of the service via the Mongoapi component over HTTPS. The vulnerability is rated CVSS 7.5 with availability-only impact and no public exploit identified at time of analysis, but the unauthenticated, low-complexity attack profile makes it operationally significant for any internet-exposed ORDS instance.

Denial Of Service Oracle
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9963 HIGH PATCH This Week

Arbitrary code execution within the sandbox in Google Chrome on iOS prior to 148.0.7778.216 allows remote attackers to abuse an uninitialized memory condition when a victim performs specific UI gestures on a crafted HTML page. Chromium rates the security severity as High, and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score (0.04%) suggests low near-term exploitation likelihood.

Apple RCE Google Suse Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9909 HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome (Skia graphics library) prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to execute additional code inside the Chrome sandbox via a crafted HTML page. The flaw is an integer overflow rated High by Chromium's security team with a CVSS of 7.5, but EPSS is very low (0.04%, 12th percentile) and there is no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a page) and a pre-existing renderer compromise, so this is a chain component rather than a standalone RCE.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9954 HIGH PATCH This Week

Heap corruption in Google Chrome's TabStrip component before version 148.0.7778.216 allows remote attackers to potentially achieve code execution by serving a crafted HTML page and inducing the victim to perform specific UI gestures. Chromium rates the issue High severity, but EPSS places exploitation probability at just 0.03% (11th percentile) and no public exploit identified at time of analysis, reflecting the high attack complexity and required user interaction.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9933 HIGH PATCH This Week

Use-after-free in the Input component of Google Chrome prior to 148.0.7778.216 allows a remote attacker to trigger heap corruption when a victim is lured to a crafted HTML page and performs specific UI gestures. Chromium rates the severity High, and while no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), the bug class historically yields renderer RCE when chained with a sandbox escape. A vendor patch is available in the stable channel update referenced by Google.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46133 HIGH PATCH This Week

Remote denial-of-service in the Linux kernel's Soft RoCE (RDMA/rxe) driver allows unauthenticated attackers to crash the kernel by sending a single crafted 48-byte UDP packet to port 4791 with an undefined BTH opcode. The flaw triggers an out-of-bounds read in rxe_icrc_hdr() via crc32_le() due to zero-initialized rxe_opcode[] entries causing arithmetic underflow, panicking the host with no public exploit identified at time of analysis though EPSS is very low at 0.03%.

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32995 HIGH PATCH This Week

Cross-room message disclosure in Rocket.Chat allows any authenticated DDP user to read arbitrary messages - including those in private channels, direct messages, and E2EE rooms - by invoking the autoTranslate.translateMessage Meteor method with a target message ID. The flaw stems from missing access control and identity checks in the server-side method handler, with an upstream fix merged in PR #40528. No public exploit identified at time of analysis, though the trivial DDP call pattern makes weaponization straightforward.

Authentication Bypass Rocket Chat
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
0.0%
CVE-2026-9990 HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 148.0.7778.216 can be triggered remotely through a crafted HTML page combined with specific user interface gestures, leveraging a use-after-free condition in the WebAppInstalls component. Chrome rates this as High severity and has shipped a patched stable channel release, though no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.03%.

Google Denial Of Service Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-10006 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a race condition in the WebAudio component. Google rates the underlying Chromium issue as High severity, and while no public exploit identified at time of analysis, the bug is browser-resident and reachable from any web origin, making it a meaningful drive-by risk once details surface. EPSS data was not provided, and the issue is not currently listed in CISA KEV.

Google RCE Race Condition Red Hat Suse +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-10022 HIGH PATCH This Week

Type confusion in the V8 JavaScript engine of Google Chrome before 148.0.7778.216 enables sandboxed arbitrary code execution when a user is convinced to install a malicious browser extension that delivers a crafted payload. The flaw carries a CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and is reported by Google's Chrome team, with no public exploit identified at time of analysis and a very low EPSS of 0.02%. Impact remains constrained to the renderer sandbox, but full confidentiality, integrity, and availability loss inside that boundary is possible.

Google Memory Corruption RCE Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46177 HIGH PATCH This Week

Denial of service in the Linux kernel IPMI driver allows a malicious or buggy BMC (Baseboard Management Controller) to indefinitely stall the driver by never signaling completion on event/message fetches or by keeping the attention (attn) bit asserted. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H) score reflects pure availability impact, and the issue has existed since the IPMI driver's inception; no public exploit identified at time of analysis and EPSS is 0.02% (5th percentile), indicating very low exploitation likelihood.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46124 HIGH PATCH This Week

Information disclosure in the Linux kernel isofs filesystem allows authenticated NFS peers to read arbitrary in-range blocks from the backing device by submitting crafted NFS file handles to isofs_export_iget(). The flaw resides in isofs_fh_to_dentry() and isofs_fh_to_parent(), which previously only rejected block==0 before passing the attacker-controlled block number to sb_bread(), exposing unrelated adjacent-partition data as iso_inode_info fields returned to NFS clients. No public exploit identified at time of analysis, EPSS is 0.02% (5th percentile), and this is reported as hardening adjacent to the prior CVE-2025-37780 fix.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46110 HIGH PATCH This Week

Denial of service in the Linux kernel's stmmac Ethernet driver allows remote attackers to trigger a NULL pointer dereference and kernel panic on systems using STMicroelectronics MAC network controllers under sustained memory pressure. The flaw stems from incomplete handling of the DMA RX descriptor ring lifecycle, where stmmac_rx() cannot distinguish 'full' from 'dirty' descriptors when stmmac_rx_refill() fails to allocate replacement buffers. EPSS rates exploitation probability at only 0.02% (5th percentile), and no public exploit identified at time of analysis.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9096 HIGH GHSA This Week

SAML assertion time-bound enforcement is missing in Casdoor 2.362.0 and earlier, allowing remote attackers to present SAML assertions whose NotBefore/NotOnOrAfter windows have expired and still obtain valid user sessions. The underlying gosaml2 library does compute the time-validity result, but Casdoor's ParseSamlResponse() never reads the assertionInfo.WarningInfo field where those results are reported, so the check is silently discarded. No public exploit identified at time of analysis and EPSS is very low (0.02%, 5th percentile).

Denial Of Service Casdoor
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7797 HIGH This Week

Time-based blind SQL injection in the Simply Schedule Appointments WordPress plugin (versions up to and including 1.6.11.8) allows unauthenticated remote attackers to extract sensitive database contents through the 'append_where_sql' parameter on the /appointments/bulk REST endpoint. The endpoint's permission check accepts a public nonce embedded in the booking widget's frontend JavaScript, and a PUT request with a urlencoded body bypasses the plugin's blocklist by preventing PHP from populating the relevant superglobals. No public exploit identified at time of analysis, though Wordfence has documented the technique in detail.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46818 HIGH This Week

Unauthorized data modification and disclosure in Oracle E-Business Suite (Oracle Payments component, File Transmission) versions 12.2.3 through 12.2.15 allows unauthenticated remote attackers over HTTPS to read, alter, create, or delete all Oracle Payments-accessible data. The flaw carries a CVSS 3.1 base score of 7.4 with high confidentiality and integrity impact but no availability impact, and is rated high attack complexity. No public exploit identified at time of analysis, and it is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-5343 HIGH PATCH This Week

Privilege escalation in the Drupal SAML SSO - Service Provider contributed module (versions prior to 3.1.4) allows remote unauthenticated attackers to gain elevated privileges by exploiting improper handling of exceptional conditions during SAML authentication flows. The CVSS 7.4 (High) score reflects high attack complexity but network reachability and no authentication requirement, with confidentiality and integrity impact. EPSS probability is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis.

Privilege Escalation Saml Sso Service Provider
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-37579 HIGH This Week

Remote code execution in SMSGate sms-core versions 2.1.13.6 and earlier allows remote attackers to execute arbitrary code by sending crafted input to the Cmpp7FDeliverRequestMessageCodec.java component, which handles CMPP protocol message decoding. The CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) vector indicates network-reachable, unauthenticated exploitation with low complexity, though EPSS scores this at only 0.06% (18th percentile) and there is no public exploit identified at time of analysis. SSVC indicates exploitation status is 'none' but the issue is automatable with partial technical impact across CIA.

Java RCE Deserialization
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-9795 HIGH PATCH GHSA This Week

Privilege escalation in Keycloak's Fine-Grained Admin Permissions v2 (FGAPv2) allows an administrator with only limited client-management rights to attach arbitrary realm roles - including highly privileged ones - to a client's scope mappings, causing those roles to be injected into user authentication tokens that traverse the modified client. The flaw affects the Red Hat Build of Keycloak per the vendor advisory and has no public exploit identified at time of analysis, but the high-privilege admin pivot makes it operationally significant in multi-tenant identity deployments.

Privilege Escalation Red Hat Build Of Keycloak
NVD VulDB GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-9658 HIGH PATCH This Week

Header injection filtering bypass in Plack::Middleware::Security::Common (Perl) versions prior to 0.13.1 allows remote attackers to smuggle CRLF sequences and additional headers through request paths that are not double-encoded. The flaw weakens a security middleware specifically designed to prevent header injection, and while EPSS sits at 0.03% (9th percentile) with no public exploit identified at time of analysis, downstream impact depends on how reverse proxies and Plack-based servers handle the unblocked CRLF payloads.

Code Injection Plack
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-30761 HIGH This Week

Arbitrary file upload in SourceBans Material Admin v1.1.6 allows remote unauthenticated attackers to achieve code execution by uploading a crafted image file to the pages/admin.uploadmapimg.php endpoint. The flaw is tagged as a PHP RCE vector and has public proof-of-concept gists referenced on GitHub, though it is not listed in CISA KEV and carries a very low EPSS exploitation probability (0.02%, 5th percentile).

File Upload RCE PHP N A
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-30760 HIGH This Week

Arbitrary user data manipulation in SourceBans Material Admin web application before v1.1.6 (commit 3ecd95e) allows remote unauthenticated attackers to alter other users' records by sending crafted XAJAX calls. The flaw stems from insufficient input validation (CWE-20) in the XAJAX request handler and is tagged as an Information Disclosure issue. No public exploit has been identified at time of analysis, and EPSS scores the likelihood of near-term exploitation at only 0.02% (5th percentile).

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-32996 HIGH This Week

Local privilege escalation in Veeam Agent for Microsoft Windows enables a low-privileged authenticated user to escalate to higher privileges on the host, with the CWE-532 mapping indicating sensitive information is exposed via log files that the attacker can read or abuse. CVSS 4.0 base score is 7.3 with high impact to confidentiality, integrity, and availability of the vulnerable component, and no public exploit identified at time of analysis. The flaw is tied to the broader Veeam Backup and Replication 13 ecosystem (≤13.0.1 per ENISA EUVD), making it relevant on any Windows endpoint where the Veeam Agent is deployed alongside or as part of that platform.

Privilege Escalation Microsoft
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-34126 HIGH PATCH This Week

Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept and manipulate initial setup data, enabling potential unauthorized device control during onboarding. The flaw stems from missing encryption on the Bluetooth pairing channel used only during initialization, and TP-Link has released patched firmware versions for all affected models. No public exploit identified at time of analysis, but the low complexity and absence of authentication make this a meaningful risk for users provisioning devices in dense urban or office environments.

TP-Link Authentication Bypass
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-6720 HIGH PATCH GHSA This Week

Credential disclosure in Tigera Calico's calicoctl CLI exposes cluster-access secrets through verbose logging output. When operators run calicoctl with --log-level=info or --log-level=debug, the tool serializes its entire connection-configuration struct (including bearer tokens, etcd passwords, and inline PEM client certificates/keys) to stderr in a single log line, making them harvestable by anyone with access to CI logs, terminal recordings, or support transcripts. The issue is patched upstream but no public exploit is identified at time of analysis; default panic-level logging means standard deployments are not exposed.

Information Disclosure Kubernetes
NVD GitHub
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-7052 HIGH This Week

Stored cross-site scripting in the HT Contact Form - Drag & Drop Form Builder for WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote attackers to inject persistent JavaScript via the 'file_upload' parameter, which gets rendered via dangerouslySetInnerHTML in the admin entry viewer. The injected payload executes in the browser context of any administrator who opens the affected submission, enabling session theft, privilege abuse, or arbitrary admin actions. No public exploit identified at time of analysis, and the issue requires the plugin's 'Store Submissions' setting to be enabled for the unsanitized values to persist.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-7634 HIGH This Week

Stored cross-site scripting in the SlimStat Analytics WordPress plugin (versions through 5.4.11) allows unauthenticated attackers to inject arbitrary JavaScript via the User-Agent request header, which is persisted unsanitized and later rendered inside the admin Browsers report tooltip. Exploitation requires the non-default 'show_complete_user_agent_tooltip' setting to be enabled by an administrator, after which any admin viewing the affected report executes the attacker's script. No public exploit identified at time of analysis and no EPSS or CISA KEV signal is provided in the supplied data.

XSS WordPress
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2374 HIGH This Week

Stored cross-site scripting in the Login No Captcha reCAPTCHA WordPress plugin (versions up to and including 1.8.0) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in an administrator's browser session. The flaw, reported by Wordfence, stems from unsanitized handling of the PHP_SELF superglobal during failed logins via non-standard endpoints such as xmlrpc.php, with no public exploit identified at time of analysis and no CISA KEV listing.

XSS PHP WordPress
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-45342 HIGH PATCH This Week

Cross-tenant resource tampering in LinkAce before 2.5.6 lets any authenticated user modify links, lists, tags, and notes belonging to other users whenever those resources have non-private visibility. The flaw exists in both the web UI and the REST API because the update() policy checks validate visibility instead of ownership, while delete() correctly enforces ownership. No public exploit identified at time of analysis, but the bug is trivially exploitable by any registered account on a vulnerable instance.

Authentication Bypass Linkace
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-45042 HIGH PATCH This Week

Improper authorization in RustFS prior to 1.0.0-beta.2 allows authenticated users to perform unauthorized cross-bucket object copies via the S3-compatible UploadPartCopy operation, bypassing destination-bucket policy constraints on permitted copy sources. The Rust-based distributed object storage system validates GetObject on the source and PutObject on the destination independently but never checks whether the destination bucket actually permits the specified source, enabling lateral data movement between buckets. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Rustfs
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-46230 HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's AMD GPU VCN3 (Video Core Next, generation 3) decoder message parser allows a local low-privileged user to read kernel memory beyond the buffer object boundary and potentially trigger denial of service. The flaw was resolved by adding bounds checks against the end of the buffer object whenever the dec msg is accessed. EPSS is very low (0.02%, 6th percentile) and no public exploit has been identified at time of analysis.

Linux Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46204 HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's AMD GPU VCN4 (Video Core Next) driver allows a local user with GPU access to trigger memory disclosure or denial of service by submitting a crafted indirect buffer (IB) to the amdgpu DRM subsystem. The flaw stems from missing bounds checks while parsing IBs in the drm/amdgpu/vcn4 code path, and no public exploit identified at time of analysis. EPSS exploitation probability is very low (0.02%) and the issue is not listed in CISA KEV.

Linux Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46199 HIGH PATCH This Week

Out-of-bounds read in the AMD GPU VCN4 (Video Core Next, 4th generation) decoder message parser of the Linux kernel allows a local low-privileged user to read kernel memory beyond the decoder message buffer object, potentially leading to information disclosure and denial of service. The flaw exists in the drm/amdgpu/vcn4 driver where bounds against the end of the buffer object (BO) were not validated when parsing decoder messages. No public exploit identified at time of analysis and EPSS scores the exploitation probability at just 0.02% (6th percentile), but a vendor patch is available across multiple stable branches.

Linux Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy