Skip to main content
CVE-2026-35674 HIGH PATCH This Week

Scope bypass in OpenClaw versions prior to 2026.5.18 allows authenticated clients holding only the operator.write scope to invoke privileged Gateway commands via the chat.send route, escalating from limited operator access to full administrative control. Exploitation lets remote attackers mutate plugins, configuration, MCP settings, allowlists, and ACP rules that should require operator.approvals or operator.admin scopes. No public exploit has been identified at time of analysis, but the CVSS 4.0 base score of 8.7 (high) and low attack complexity make this a serious privilege-escalation issue for any multi-tenant or delegated OpenClaw deployment.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-32905 HIGH PATCH This Week

Authorization bypass in OpenClaw versions before 2026.5.4 allows authenticated chat command users who are not device owners to issue device-pairing bootstrap codes through the bundled device-pair plugin. Exploitation enables an attacker with low-privilege chat access to enroll arbitrary devices with operator or node capabilities, establishing persistent credentials that survive until manual revocation. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44494 HIGH PATCH GHSA This Week

Man-in-the-middle interception in the Axios HTTP client library (all versions through 1.15.x) allows any prototype pollution elsewhere in the Node.js dependency tree to be escalated into full traffic hijacking. Because `config.proxy` is not defined in Axios defaults, `lib/adapters/http.js` reads it via prototype-chain traversal - letting an attacker who controls `Object.prototype.proxy` silently route every outbound HTTPS/HTTP request through their server, harvesting Authorization headers, cookies, and request bodies while tampering with responses. Publicly available exploit code exists in the disclosure; no public exploit identified at time of analysis in the wild and not on CISA KEV.

SSRF
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-10105 HIGH PATCH GHSA This Week

SQL injection in agno 2.6.5's ClickHouse vector database backend allows authenticated attackers to inject arbitrary SQL via metadata keys and values passed to delete_by_metadata(). The flaw stems from unsafe f-string interpolation in clickhousedb.py and enables row deletion, targeted data tampering, and information extraction through error-based or blind SQLi. No public exploit identified at time of analysis, but a vendor patch (PR #7883) is available and the issue was disclosed by VulnCheck.

SQLi Agno
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49195 HIGH This Week

Unauthenticated command execution on Acer Predator Connect W6x routers exposes the /sbin/mtk_dut debug binary on TCP port 9000, allowing any device on the LAN to issue arbitrary UCC (Unified Configuration Command) instructions without credentials. The flaw affects Predator Connect W6x firmware W6x_GBL_2.00.000005 and earlier, and at the time of analysis there is no public exploit identified, though the trivial protocol (raw TCP, no auth) makes weaponization straightforward once discovered.

Authentication Bypass Predator Connect W6X
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49368 HIGH PATCH This Week

Stored cross-site scripting in JetBrains YouTrack versions prior to 2026.1.13162 allows an authenticated project-level user to inject persistent JavaScript into project notification templates, which executes in the browsers of other users who receive or view those notifications. The scope-changed CVSS 8.7 reflects that injected scripts can pivot beyond the vulnerable component to compromise the sessions and data of higher-privileged recipients. No public exploit identified at time of analysis and no KEV listing, but the issue was disclosed and patched directly by the vendor.

XSS Youtrack
NVD VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-47266 HIGH PATCH GHSA This Week

Unauthorized submission modification in Formie (Craft CMS plugin) versions prior to 2.2.21 and 3.1.26 allows remote unauthenticated attackers to overwrite existing form submissions by POSTing a known or guessed submission ID to the formie/submissions/save-submission endpoint. The flaw is an authorization bypass (CWE-639) that compromises integrity of stored submission data without requiring credentials. No public exploit identified at time of analysis, though the upstream fix and advisory are publicly disclosed on GitHub.

Authentication Bypass Formie
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-10067 HIGH This Week

Stack-based buffer overflow in Shibby Tomato 1.28 router firmware allows authenticated remote attackers to corrupt memory in the multimon.cgi handler (function sub_90F0), with high impact to confidentiality, integrity, and availability per CVSS 4.0 (8.7). The affected project is end-of-life and superseded by FreshTomato, meaning no vendor patch will be issued. No public exploit identified at time of analysis and no CISA KEV listing, but the low attack complexity and network reachability make this a meaningful risk for any still-deployed devices.

Buffer Overflow
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-10066 HIGH This Week

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows authenticated remote attackers to corrupt memory in the UPS Service CGI handler, potentially leading to code execution or device compromise. The flaw resides in function sub_9068 of tomatoups.cgi and carries a CVSS 4.0 score of 8.7, but no public exploit identified at time of analysis. Critically, this project is end-of-life - superseded by FreshTomato - so no vendor patch will be issued.

Buffer Overflow
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-10065 HIGH This Week

Stack-based buffer overflow in Shibby Tomato 1.28 router firmware allows authenticated remote attackers to corrupt memory and likely execute code by submitting a crafted Date argument to the get_ups_field function in tomatodata.cgi. The project is end-of-life and superseded by FreshTomato, so no fix will be issued by the original maintainer. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact over the network with low complexity.

Buffer Overflow
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-10073 HIGH This Week

Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files by abusing a relative path traversal flaw in the application's file-handling logic. The issue is rated CVSS 4.0 8.7 (High) due to network exploitability with no privileges or user interaction, though impact is confined to confidentiality. No public exploit identified at time of analysis, and the disclosure was coordinated through TWCERT (Taiwan's national CERT).

Path Traversal Dreammaker
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-48527 HIGH PATCH GHSA This Week

Stored cross-site scripting in HAX CMS (haxcms-nodejs and haxcms-php) through version 26.0.0 allows authenticated page editors to bypass the HTML sanitizer via the /system/api/saveNode endpoint by omitting whitespace before an event handler attribute name. Successful exploitation executes attacker-controlled JavaScript in the browsers of other users viewing the affected microsite, with scope change enabling impact beyond the attacker's own privilege level. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS PHP
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-9509 HIGH PATCH This Week

Unauthenticated denial of service in Suprema BioStar 2 Server versions 2.9.8, 2.9.10, and 2.9.11 allows remote attackers to halt critical processes by sending HTTP POST requests to the '/api/migration' endpoint, taking access control readers offline until manual service or server restart. No public exploit identified at time of analysis, though SSVC flags the attack as automatable with partial technical impact. Because BioStar 2 governs physical access control, the outage cascades to door readers and downstream third-party integrations, elevating real-world impact beyond a typical web-app DoS.

Denial Of Service Biostar 2 Server
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41267 HIGH This Week

Authenticated OS command injection in the Administration WebUI of Waterfall WF-500 TX Host version 7.9.1.0 R2502171040 lets high-privileged remote users execute arbitrary operating system commands on the host. The flaw was identified by Nozomi Networks Labs and carries a CVSS 4.0 score of 8.5, but with no public exploit identified and a modest EPSS of 0.70% (72th percentile), real-world exploitation pressure is currently moderate rather than urgent.

Command Injection Wf 500
NVD
CVSS 4.0
8.5
EPSS
0.7%
CVE-2026-49196 HIGH This Week

Command injection in the Acer Predator Connect W6x router allows authenticated high-privilege attackers to execute arbitrary shell commands by submitting a crafted MAC address through the Wi-Fi device blocking feature. The flaw stems from insufficient input sanitization on a value that is passed to a shell context, and at the time of analysis no public exploit has been identified and the issue is not listed in CISA KEV. With a CVSS 4.0 base score of 8.6, the bug confers full confidentiality, integrity and availability impact on the device itself.

Command Injection Predator Connect W6X
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-47139 HIGH PATCH GHSA This Week

Sandbox network isolation bypass in vm2 NodeVM (versions <= 3.11.3) allows untrusted JavaScript running in the sandbox to regain outbound and listening network access despite explicit exclusions of public network modules. Remote attackers (in the threat model where the application accepts untrusted code) can leverage Node.js's undocumented underscored builtins such as `_http_client` and `_http_server` to reach internal services, cloud metadata endpoints, and localhost-only admin panels. Publicly available exploit code exists (PoC published in the GHSA advisory), and a vendor-released patch is available in version 3.11.4.

SSRF Node.js Red Hat
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-47209 HIGH PATCH GHSA This Week

Sandbox escape in vm2 (npm) versions ≤ 3.11.3 allows untrusted code running inside the VM to write arbitrary properties - including dangerous Symbol-keyed properties like `nodejs.util.promisify.custom` - onto host-realm objects via a Proxy `set`-trap receiver-handling flaw. Because any inheriting child object (`Object.create(hostObj)`) becomes a write channel into the host, attackers can hijack host control flow when the host later dispatches through the polluted slot, escalating from sandbox integrity loss to host-realm code execution. Publicly documented reproduction exists in the GHSA advisory; no public exploit identified at time of analysis and not on the CISA KEV list.

RCE Red Hat
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-41237 HIGH PATCH GHSA This Week

DNS zone file injection in Froxlor (versions before 2.3.7) allows authenticated users with DNS management permissions to inject arbitrary records into bind9 zone files through incomplete validation of LOC, RP, SSHFP, and TLSA record types. This is the second attempt at fixing the issue (originally tracked as CVE-2026-30932) - the LOC regex still matches newlines via \s+, TLSA matchingType=0 accepts unbounded hex payloads, and validators return raw input without zone-file escaping. Publicly available exploit code exists demonstrating both pre-fix injection and post-fix bypasses, though no public exploit identified in active campaigns at time of analysis.

Authentication Bypass PHP Python
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-41235 HIGH PATCH GHSA This Week

Authorization bypass in Froxlor 2.3.6 allows an authenticated low-privileged customer with shell delegation enabled to assign an arbitrary login shell (e.g., /bin/bash) to an FTP account, escaping the administrator-defined system.available_shells whitelist. On default Debian-based deployments using nssextrausers, a root-owned cron job propagates the attacker-chosen shell into /var/lib/extrausers/passwd, converting the FTP-only account into an interactive host shell account. Publicly available exploit code exists (POC published in the GHSA advisory); no public exploit identified at time of analysis as being actively used in the wild.

PHP Debian CSRF Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-44492 HIGH PATCH GHSA This Week

Server-Side Request Forgery in axios versions <1.16.0 and <=0.31.1 allows remote attackers who control a request URL to bypass NO_PROXY allowlists by using IPv4-mapped IPv6 notation (e.g., ::ffff:7f00:1 for 127.0.0.1, or ::ffff:a9fe:a9fe for the 169.254.169.254 cloud metadata endpoint). The flaw is an incomplete fix for CVE-2025-62718: shouldBypassProxy normalizes brackets and trailing dots but never canonicalises the ::ffff: prefix, so loopback and metadata exclusions silently fail and traffic is routed through an attacker-controlled HTTP/HTTPS proxy. Publicly available exploit code exists (full PoC in the GHSA advisory); no public exploit identified at time of analysis as actively exploited and the CVE is not in CISA KEV.

Apple Node.js SSRF
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-10072 HIGH This Week

Arbitrary file upload in Interinfo DreamMaker allows authenticated high-privilege remote attackers to upload web shell backdoors and achieve arbitrary code execution on the underlying server. The flaw carries a CVSS 4.0 score of 8.6 and was reported via TWCERT, with no public exploit identified at time of analysis. Despite the high privilege requirement, the network-reachable vector and full CIA impact on the host make this a meaningful post-authentication compromise primitive.

File Upload RCE Dreammaker
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-44238 HIGH PATCH This Week

SQL injection in FreePBX CDR Reports module prior to versions 16.0.50 and 17.0.11 allows authenticated users with CDR section access to execute arbitrary SQL queries via the order and sort POST parameters. The flaw requires a valid Administration Control Panel account but not full administrator privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV. The CVSS 4.0 score of 8.5 reflects high confidentiality and integrity impact against the call detail records database.

SQLi Security Reporting
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-47201 HIGH PATCH GHSA This Week

Authentication bypass in authentik's SAML Source ACS endpoint allows an attacker holding any account at a trusted upstream IdP to impersonate other federated users via XML Signature Wrapping (XSW). The flaw stems from the signature verifier not binding the validated signature to the assertion subsequently consumed for identity data, so a crafted response can present a legitimately signed assertion for signature checks while a separate forged assertion supplies the victim identifier. No public exploit identified at time of analysis, but the upstream commit (a370d76) and detailed XSW3-style test fixtures make the technique transparent to anyone reading the patch.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2026-49198 HIGH This Week

Information disclosure in the Acer Predator Connect W6x router's MQTT broker allows authenticated low-privileged actors to subscribe to wildcard topics and observe all MQTT traffic traversing the device. The flaw stems from improper access control (CWE-284) on broker subscriptions, enabling cross-tenant data exposure with high confidentiality impact and scope change to other subscribed services. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass Predator Connect W6X
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-44698 HIGH PATCH This Week

Cross-origin JavaScript injection in Home Assistant Companion apps for Android (before 2026.4.4) and iOS (before 2026.4.1) allows a malicious iframe loaded inside the app's WebView to execute arbitrary JavaScript in the Home Assistant frontend's origin and steal the signed-in user's access token. The flaw stems from exposing the native JavaScript bridge (window.externalApp on Android, webkit.messageHandlers.getExternalAuth on iOS) to all frames combined with unsanitized callback identifier interpolation. No public exploit identified at time of analysis, and the issue is not in CISA KEV.

Apple RCE Google Code Injection
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-45615 HIGH This Week

Heap out-of-bounds read in mouse07410/asn1c versions 1.4 and earlier allows remote attackers to crash applications or corrupt integer parsing logic by sending a zero-length OER payload for a variable-length non-negative INTEGER type. The generated INTEGER_oer.c skeleton extracts the Most Significant Bit without validating input length, and because asn1c-generated parsers are commonly deployed in V2X, 5G telecom, and X.509 stacks, the impact extends into safety- and identity-critical pipelines. No public exploit identified at time of analysis, but the trivial trigger condition makes weaponization straightforward.

Denial Of Service Asn1C
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-44490 HIGH PATCH GHSA This Week

Denial-of-service and HTTP header injection in the axios npm package (>=1.0.0,<1.16.0 and <=0.31.1) arise from two read-side prototype-pollution gadgets in lib/utils.js merge() and lib/core/mergeConfig.js, allowing a polluted Object.prototype (typically from an upstream dependency such as lodash CVE-2018-16487) to inject arbitrary outbound headers or crash every axios call with a synchronous TypeError. Publicly available exploit code exists in the GHSA advisory PoC, but EPSS is only 0.04% (13th percentile) and SSVC marks Automatable=no with partial technical impact, so this is a credible secondary-gadget risk rather than a mass-exploitation target.

Denial Of Service Prototype Pollution Red Hat
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-47409 HIGH PATCH GHSA This Week

{workspace_id}/members/{user_id}`, which defaults to `min_role="member"` instead of requiring owner/admin privileges, and there is no public exploit identified at time of analysis.

Privilege Escalation Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47406 HIGH PATCH GHSA This Week

Cross-workspace Insecure Direct Object Reference in praisonai-platform (<=0.1.2) allows any authenticated workspace member to read, create, and delete issue dependencies belonging to foreign workspaces by supplying arbitrary issue UUIDs in URL paths and request bodies. The dependency endpoints only enforce membership on the URL workspace_id while passing unvalidated issue and dependency identifiers to DependencyService, enabling cross-tenant linking of issues across any two workspaces in the deployment. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-4x6r-9v57-3gqw confirms the flaw and a fixed version (0.1.4) is available.

Python Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47398 HIGH PATCH GHSA This Week

Remote code execution in PraisonAI versions 2.0.0 through 4.6.39 allows attackers to execute arbitrary Python code via two unguarded spec.loader.exec_module call sites in agents_generator.py. The flaw is a sibling of CVE-2026-44334: the v4.6.32 chokepoint refactor added a PRAISONAI_ALLOW_LOCAL_TOOLS env-var gate to tool_override.py but missed the load_tools_from_module and load_tools_from_module_class sinks, which load arbitrary module paths from YAML agent configuration without validation. Publicly available exploit code exists (working PoC published with the advisory) and a fixed release is available in 4.6.40.

RCE Code Injection Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-47231 HIGH PATCH GHSA This Week

Insecure direct object reference in Admidio's documents module allows any user with upload rights on a single folder to exfiltrate files from private folders they cannot read. The `move_save` handler in `modules/documents-files.php` validates the actor's upload right against a URL-supplied `folder_uuid` rather than the file's actual parent folder, letting a low-privileged member relocate restricted files into an attacker-controlled folder and download them. No public exploit identified at time of analysis, but a detailed PoC with verified code paths is included in the GHSA-x628-457g-2pw9 advisory.

PHP CSRF Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47740 HIGH PATCH GHSA This Week

Authorization bypass in Shopperlabs Shopper headless e-commerce admin panel prior to 2.8.0 allows authenticated low-privilege users with read-only order permissions to mutate every order in the panel and trigger real Payment Service Provider captures via Filament admin actions. The flaw spans multiple Livewire components beyond orders - including product sub-forms, team settings, and RBAC management - enabling privilege escalation up to role creation and user deletion. No public exploit identified at time of analysis, but a detailed GitHub Security Advisory and patch diff are public.

Authentication Bypass Shopper
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-6075 HIGH This Week

Cross-Site Request Forgery in the Media Library Assistant WordPress plugin versions 3.35 and earlier allows remote attackers to coerce authenticated administrators into executing bulk delete, edit, or purge actions against plugin settings and attachment metadata. The flaw stems from missing nonce checks on bulk action handlers across multiple settings tabs and was reported by Wordfence. There is no public exploit identified at time of analysis and no CISA KEV listing, but the high CVSS of 8.1 reflects significant integrity and availability impact if a logged-in admin is lured to a malicious page.

WordPress CSRF
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-49367 HIGH PATCH This Week

Command execution in JetBrains IntelliJ IDEA versions prior to 2026.1.1 allows attackers leveraging the guest user account to run arbitrary commands on the host. The flaw, reported by JetBrains and tagged as an authentication bypass affecting the IDE's collaborative/guest-access functionality, carries a CVSS 8.0 (High) rating with network attack vector but requires low-privilege access and user interaction. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass Intellij Idea
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-42951 MEDIUM PATCH CISA This Month

Backup download functionality in the Danelec MacGregor Voyage Data Recorder G4E exposes account credentials and password hashes to any authenticated low-privileged user. An attacker with a valid low-privilege account operating on the same adjacent network segment - typically the onboard vessel LAN - can retrieve a device backup file containing credential material, enabling offline password cracking and potential privilege escalation. No public exploit identified at time of analysis, but the maritime OT context and CISA ICS advisory issuance (ICSA-26-148-01) underscore relevance to vessel operational security.

Information Disclosure Macgregor Voyage Data Recorder Vdr G4E
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-44611 MEDIUM PATCH CISA This Month

Weak password storage in the Danelec MacGregor VDR G4E exposes credentials to offline brute-force attack: the hashing algorithm in use both caps maximum password length and provides insufficient computational cost, meaning recovered hashes can be cracked with modest effort. An adjacent-network attacker holding low-privilege access who obtains the stored hashes can recover plaintext credentials and authenticate with elevated privileges to this safety-critical maritime recording system. No public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV, but the vulnerability affects all known versions of the G4E and is confirmed by CISA ICS advisory ICSA-26-148-01.

Information Disclosure Macgregor Voyage Data Recorder Vdr G4E
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-45555 HIGH PATCH This Week

Arbitrary code execution in Roslyn CodeLens MCP Server versions 0.0.9 through 1.17.0 allows attackers to run code in the MCP server process by tricking a victim into opening a malicious .NET solution. The get_diagnostics tool automatically loads and executes any DiagnosticAnalyzer DLL referenced by a .csproj without allowlist, signature validation, or user prompt, and includeAnalyzers defaults to true. No public exploit identified at time of analysis, but the attack pattern (malicious project file + attacker-controlled DLL) is well understood and trivial to weaponize.

RCE Code Injection Roslyn Codelens Mcp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-49366 HIGH PATCH This Week

Command injection in JetBrains IntelliJ IDEA before 2026.1.1 allows attackers to execute arbitrary OS commands by abusing the filename completion feature when a developer interacts with a crafted filename. The flaw is locally exploitable with user interaction required and has high impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Command Injection Intellij Idea
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47260 HIGH PATCH GHSA This Week

Server-side request forgery in Koel (composer/phanan/koel <= 9.3.4) allows authenticated low-privilege users to coerce the server into fetching arbitrary internal URLs and stream the full response back to the attacker. The flaw stems from podcast episode enclosure URLs being persisted unvalidated despite SafeUrl checks being applied to the parent feed URL; no public exploit identified at time of analysis, but a detailed working PoC is published in the GHSA advisory.

Microsoft PHP SSRF
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-44285 HIGH PATCH This Week

Server-Side Request Forgery in Labring FastGPT prior to 4.15.0-beta1 lets an authenticated attacker bypass the platform's isInternalAddress network protection and pivot HTTP GET probes into internal services via the dataset preview endpoint. The flaw stems from an incomplete prior fix in the externalFile data import path, scoped-changed impact (S:C) elevates risk to adjacent systems, and no public exploit identified at time of analysis.

SSRF Fastgpt
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-45700 HIGH PATCH This Week

Out-of-bounds heap write in FreeRDP versions prior to 3.26.0 allows remote attackers to corrupt memory in the planar bitmap decoder when an RDP client connects to a malicious or compromised server. The flaw lives in freerdp_bitmap_decompress_planar() in libfreerdp/codec/planar.c, where attacker-controlled stride and X-destination values bypass bounds checks against the internal pTempData buffer. No public exploit identified at time of analysis, but the issue is fixed upstream in 3.26.0.

Memory Corruption Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-44239 HIGH PATCH This Week

Local file inclusion in FreePBX versions prior to 16.0.22 and 17.0.5 allows authenticated remote attackers to include arbitrary .class.php files from the filesystem via path traversal in the Dashboard module's getcontent AJAX handler. The unsanitized $_REQUEST['rawname'] parameter is concatenated into a PHP include() call, and any included file's top-level code executes before the subsequent class instantiation fails. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but CWE-98 PHP file inclusion bugs are historically high-value targets in PBX systems exposed to the internet.

LFI PHP Path Traversal
NVD GitHub
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-44237 HIGH PATCH This Week

Authentication bypass in FreePBX api module (versions prior to 17.0.8) allows OAuth2 access tokens to be issued without verifying the client_secret, because the ClientRepository validateClient() method unconditionally returns true. An attacker who knows or guesses a valid client_id can mint tokens granting API access to the PBX, leading to unauthorized read and write operations against telephony configuration. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure PHP
NVD GitHub
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-9809 HIGH PATCH GHSA This Week

Stored cross-site scripting in Mautic 7's Projects component allows authenticated low-privilege users with project create/edit permissions to inject script payloads into project names that execute when administrators hover over project tags or popovers on campaign, email, or form detail views. Exploitation yields script execution in an administrator's authenticated session, enabling configuration tampering, privilege escalation through administrative actions, and exfiltration of sensitive data. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-49374 HIGH PATCH This Week

Information disclosure in JetBrains TeamCity prior to version 2026.1 allows authenticated low-privilege users to read sensitive build configuration parameters they should not have access to due to missing authorization checks. The flaw carries a CVSS 7.6 score driven by high confidentiality impact on a network-reachable CI/CD server, though no public exploit identified at time of analysis. Because TeamCity build parameters frequently contain secrets such as deployment credentials, signing keys, and API tokens, the disclosure can cascade into broader compromise of downstream systems.

Authentication Bypass Teamcity
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-47414 HIGH PATCH GHSA This Week

Cross-workspace label tampering in praisonai-platform <=0.1.2 lets any authenticated workspace member rewrite, delete, attach, detach, and enumerate labels belonging to other tenants because five label endpoints only check workspace membership and never verify that the URL-supplied label_id or issue_id actually belongs to that workspace. Reported by the upstream MervinPraison/PraisonAI project with a fix in 0.1.4; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Python Authentication Bypass
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-41281 HIGH This Week

OS command injection in Waterfall WF-500 RX Host version 7.9.1.0 R2502171040 allows an attacker who already controls the TX Host to execute arbitrary commands on the RX Host when a MySQL connector is configured on the unidirectional gateway. The flaw was discovered by Nozomi Networks Labs and there is no public exploit identified at time of analysis; EPSS is low at 0.18% (40th percentile).

Command Injection Wf 500
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2026-10056 HIGH PATCH This Week

Administrator account takeover in Network Optix Nx Witness VMS before 6.1.2 allows remote unauthenticated attackers to hijack authenticated user sessions through a CORS misconfiguration in the REST API when the product runs in default Standard security mode on Linux or Windows. By luring a logged-in operator to a malicious cross-origin page, the attacker's site can read credentialed REST responses and steal the session token, achieving full administrative takeover; no public exploit identified at time of analysis, but the issue is trivially weaponizable given the well-understood CORS attack pattern.

Microsoft Information Disclosure Cors Misconfiguration
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46702 HIGH PATCH GHSA This Week

Remote denial-of-service in russh, a Rust implementation of the SSH protocol, allows unauthenticated remote attackers to exhaust server memory by sending small compressed SSH packets that inflate to massive sizes post-decompression. Affecting all versions from 0.34.0 through 0.61.0, the flaw stems from missing post-decompression size enforcement in Decompress::decompress(), allowing payloads under the 256 KiB wire cap to expand beyond 128 MiB. No public exploit identified at time of analysis, but the advisory includes a detailed PoC demonstrating pre-authentication exploitation against default server configurations.

Microsoft SSH Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35630 HIGH PATCH GHSA This Week

Authorization bypass in OpenClaw QQBot before 2026.5.18 allows non-approver users to resolve pending exec and plugin approval requests by clicking native approval buttons, because the configured approver identity is not enforced server-side. The flaw collapses a core access-control gate around command and plugin execution workflows, and no public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-mgq6-vr84-7m2j and VulnCheck advisory provide enough detail to reproduce.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy