Skip to main content
CVE-2026-47418 HIGH PATCH GHSA This Week

{workspace_id}/projects/{project_id} only verify membership in the URL-supplied workspace, then perform primary-key-only lookups against the Project table without scoping by workspace_id. No public exploit identified at time of analysis, and EPSS/KEV signals are not provided for this advisory.

Python Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47294 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft SharePoint Server (2016 Enterprise, 2019, and Subscription Edition) allows an authenticated attacker to execute arbitrary code on the server by submitting crafted serialized data that triggers unsafe deserialization. The CVSS 8.0 vector requires low privileges and user interaction, and no public exploit is identified at time of analysis. The flaw is significant because SharePoint servers typically run with high privileges inside enterprise environments and frequently host sensitive collaboration data.

Microsoft Command Injection Deserialization Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 +1
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-20452 HIGH This Week

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user execution to corrupt memory and achieve remote code execution without user interaction. The flaw affects multiple MediaTek Wi-Fi chipsets commonly embedded in routers and access points (MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993, MT6890). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-0097 HIGH This Week

Privilege escalation in Google Android Bluetooth Low Energy (LE) pairing affects Android 14, 15, 16, and 16-qpr2, where a logic error allows an adjacent attacker to bypass the user interaction step normally required during LE device pairing. Successful exploitation grants elevated privileges without requiring the victim to approve the pairing prompt, and per SSVC the technical impact is total. No public exploit identified at time of analysis.

Privilege Escalation
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-0095 HIGH This Week

Local privilege escalation in the Android Bluetooth stack (Android 14, 15, 16, and 16-qpr2) allows an adjacent attacker to corrupt the heap of the privileged Bluetooth process via an integer overflow in l2c_fcr_clone_buf. No user interaction or additional execution privileges are required, and at time of analysis there is no public exploit identified, though SSVC rates the technical impact as total.

Privilege Escalation Integer Overflow
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-0059 HIGH This Week

Proximity-based remote code execution in Google Android (versions 14, 15, 16, and 16-qpr2) is possible via a heap buffer overflow in multiple functions of sdp_discovery.cc, the Bluetooth Service Discovery Protocol component. An adjacent attacker within Bluetooth range can trigger memory corruption without any user interaction, with no public exploit identified at time of analysis. The flaw resides in the native Bluetooth stack and could yield code execution at the privilege level of the Bluetooth process.

Heap Overflow RCE Buffer Overflow
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-22426 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged app to access URIs belonging to other users on the device due to a logic error across multiple functions in ComputerEngine.java. No user interaction or additional execution privileges are required, but exploitation is local and currently no public exploit is identified at time of analysis (EPSS 0.12%, SSVC exploitation: none).

Privilege Escalation Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22424 HIGH This Week

Local privilege escalation in Google Android 14, 15, 16, and 16-qpr2 allows a local attacker with low privileges to reveal images across user boundaries through improper input validation in multiple code locations. The flaw requires user interaction but no additional execution privileges, and carries a CVSS 7.8 (High) rating. EPSS exploitation probability is low at 0.09% (26th percentile), and there is no public exploit identified at time of analysis.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-10118 HIGH PATCH This Week

Local code execution in Poppler's Splash rendering backend allows attackers to compromise applications that open attacker-supplied PDFs by triggering an integer overflow in tilingPatternFill that produces an undersized heap allocation and a subsequent out-of-bounds write. The flaw affects Poppler as shipped across Red Hat Enterprise Linux 6 through 10 and Red Hat Hardened Images, with impact including arbitrary code execution, information disclosure, or denial of service in the rendering process. No public exploit identified at time of analysis, and the CVSS 7.8 vector requires user interaction to open a malicious PDF.

Information Disclosure RCE Buffer Overflow Denial Of Service Integer Overflow +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-20455 HIGH This Week

Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gained System-level privileges on an affected device to write out-of-bounds memory and escalate further on the chipset. The flaw affects a broad range of MediaTek chipsets used in mobile and embedded devices, with no public exploit identified at time of analysis. CVSS is 7.8 (High) reflecting the high integrity, confidentiality, and availability impact despite the local attack vector.

Privilege Escalation Memory Corruption Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25259 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multiple IOCTL commands for escape operations. The flaw, reported by Qualcomm in its June 2026 security bulletin, affects Snapdragon graphics/driver components and can be triggered by a low-privileged local user to achieve high impact on confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25258 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during IOCTL escape operation processing, resulting in memory corruption. A local authenticated attacker with low privileges on an affected Snapdragon-based device can leverage the flaw to achieve high-impact compromise of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Information Disclosure Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59606 HIGH This Week

Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged local access to corrupt memory during secure data initialization, leading to high impact on confidentiality, integrity, and availability. The flaw is traceable to a NULL pointer dereference (CWE-476) reachable when heap memory is exhausted, and is addressed in the Qualcomm June 2026 security bulletin. No public exploit identified at time of analysis, and EPSS data was not provided.

Null Pointer Dereference Denial Of Service Buffer Overflow Snapdragon
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59605 HIGH This Week

Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-privileged local attacker to corrupt memory by supplying device identifier strings exceeding the expected maximum length. The CVSS 7.8 (AV:L/AC:L/PR:L) profile combined with CWE-787 out-of-bounds write indicates a classic stack/heap overflow path that can be leveraged for code execution with full confidentiality, integrity, and availability impact on affected devices. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Snapdragon
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59604 HIGH This Week

Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trigger invalid memory writes via a null pointer condition during a memory copy operation, resulting in high confidentiality, integrity, and availability impact (CVSS 7.8). The flaw is disclosed in the Qualcomm June 2026 security bulletin with no public exploit identified at time of analysis and no CISA KEV listing. While CWE-476 (null pointer dereference) typically yields denial of service, the vendor's CIA:H scoring indicates the invalid writes may be steerable into broader corruption beyond a simple crash.

Null Pointer Dereference Denial Of Service Buffer Overflow Snapdragon
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-8501 HIGH This Week

Local privilege escalation in PC Tools Internet Security (Symantec) is possible because the PCTCore64.sys kernel driver exposes its PCTCoreDriver WDM device interface to user-mode processes without adequate access controls, allowing low-privileged users to invoke privileged IOCTL handlers. CERT/CC tracked this as VU#158530 and the affected driver is a candidate for Microsoft's recommended driver block list; no public exploit identified at time of analysis, though the vulnerability class (BYOVD-style abuse) is well understood by attackers.

Microsoft Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25260 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon platforms stems from a Time-of-Check to Time-of-Use (TOCTOU) race condition in shared buffer handling, where kernel-mode code reads user-mode input without re-validation after initial checks. A low-privileged local attacker can corrupt memory to gain full confidentiality, integrity, and availability impact on the affected device. No public exploit identified at time of analysis, and the issue is documented in the Qualcomm June 2026 security bulletin.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43958 HIGH PATCH This Week

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to crash the daemon or potentially execute arbitrary code by sending an oversized CREATE request. The flaw is tracked under CWE-121 with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L), reported by Red Hat against RHEL 6 through 10, and there is no public exploit identified at time of analysis.

Buffer Overflow RCE Denial Of Service Stack Overflow Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0088 HIGH This Week

Local privilege escalation in Android 14, 15, 16, and 16-qpr2 stems from the getCallingAppLabel function in CertInstaller.java rendering a misleading or insufficient UI that can hide a sensitive security dialogue. A local low-privileged app can leverage this UI spoofing weakness (CWE-451) to obtain elevated privileges without requiring any user interaction. There is no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.01%.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0087 HIGH This Week

Local privilege escalation in Android 14, 15, 16, and 16-qpr2 allows a malicious app to hijack arbitrary App Links due to a logic flaw in DomainVerificationService.approvalLevelForDomainInternal. No public exploit identified at time of analysis and EPSS is very low (0.01%), but the bug requires no user interaction and no additional execution privileges, making it attractive for chaining within malicious apps. Google addressed the issue in the June 2026 Android Security Bulletin.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0078 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) stems from improper input validation in the setGlobalProxy method of DevicePolicyManagerService.java, causing a desynchronization in persistence state. A local attacker with low-level privileges can exploit this without user interaction to elevate to higher privileges on the device, with no public exploit identified at time of analysis and an EPSS score of 0.01% indicating minimal observed exploitation activity.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0077 HIGH This Week

Local privilege escalation in Google Android 16-qpr2 stems from a logic error in ActivityRecord.java's resumeConfigurationDispatch routine that permits unauthorized background activity launches (BAL bypass). A local attacker with low privileges can elevate to higher privileges without any user interaction, with no public exploit identified at time of analysis and an EPSS score of 0.01% indicating very low near-term exploitation probability.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0076 HIGH This Week

Local privilege escalation in Android 14, 15, and 16 (including 16-qpr2) stems from an out-of-bounds read in the validateNode function of ResourceTypes.cpp, part of the Android resource parsing layer. A local attacker running an unprivileged app can leverage the flaw to elevate privileges without user interaction. No public exploit identified at time of analysis and EPSS is very low (0.01%), but the issue is addressed in the June 2026 Android Security Bulletin.

Privilege Escalation Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0045 HIGH This Week

Local privilege escalation in the Android Bluetooth stack (versions 14, 15, 16, and 16-qpr2) allows an attacker with low privileges to bypass the bonding requirement for secure RFCOMM connections via a logic flaw in bta_jv_rfcomm_connect. No user interaction is required, and no public exploit identified at time of analysis, though Google has issued a fix in the June 2026 Android Security Bulletin.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0036 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) is possible via a tapjacking/overlay attack against the startAnimation function in StageCoordinator.java. An attacker with local code execution can elevate privileges without user interaction or additional execution rights. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.01%).

XSS Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0009 HIGH This Week

Local privilege escalation in Google Android 15 and 16 enables a low-privileged app to perform tapjacking due to a logic error spanning multiple code locations, with no user interaction required. The flaw, tracked as CVE-2026-0009 and disclosed in the June 2026 Android Security Bulletin, has no public exploit identified at time of analysis, but SSVC scoring deems exploitation automatable with partial technical impact. EPSS is very low (0.01%, 1st percentile), suggesting limited near-term mass exploitation pressure.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48652 HIGH This Week

Local privilege escalation in Android 15, 16, and 16-qpr2 enables a low-privileged process to bypass Mobile Device Management (MDM) policy controls through a logic error in the InstallRepository.kt performPreInstallChecks function. No public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the flaw permits silent policy circumvention without user interaction on enterprise-managed devices. Patched in the June 2026 Android Security Bulletin.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26418 HIGH This Week

Local privilege escalation in Google Android 14 and 15 allows a low-privileged app to bypass the user disclaimer dialog when adding an account to a managed automotive device, due to a missing permission check in CarDevicePolicyService.setUserDisclaimerAcknowledged. The flaw enables silent account provisioning on managed (enterprise) car devices without the user's awareness or consent, and no public exploit is identified at time of analysis. EPSS is negligible (0.01%) and SSVC marks exploitation as 'none', so the issue is real but not currently weaponized.

Privilege Escalation Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48649 HIGH This Week

Local privilege escalation in Google Android versions 14, 15, 16, and 16-qpr2 allows a malicious app to reset user-selected permission choices by bypassing the permission enforcement logic (CWE-693, Protection Mechanism Failure). The flaw requires no user interaction and only low privileges already available to any installed app, but at present there is no public exploit identified at time of analysis and EPSS rates real-world exploitation probability at just 0.01%.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28580 HIGH This Week

Local privilege escalation in Google Android 16 and 16-qpr2 allows an attacker with low-privilege code execution on the device to gain elevated privileges by exploiting an incorrect bounds check that causes a desync in persistence logic across multiple functions. Categorized as CWE-120 buffer overflow with high confidentiality, integrity, and availability impact, the flaw requires no user interaction and has no public exploit identified at time of analysis. CISA SSVC scoring indicates no observed exploitation but rates technical impact as total.

Privilege Escalation Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28577 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) stems from a tapjacking/overlay weakness in the addWindow function of WindowManagerService.java. A locally-installed malicious app holding low privileges can draw deceptive overlays to hijack user taps and gain elevated permissions without requiring further user interaction. No public exploit identified at time of analysis, and SSVC indicates exploitation is not currently observed, but technical impact is rated total.

XSS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0100 HIGH This Week

Local privilege escalation in Android (versions 14, 15, 16, and 16-qpr2) stems from a heap buffer overflow in the LoadedArsc.cpp resource table loader, allowing a low-privileged local process to write out of bounds and gain elevated execution privileges without user interaction. No public exploit identified at time of analysis, and SSVC scoring indicates exploitation has not been observed despite a 'total' technical impact rating. Patches are tracked in the June 2026 Android Security Bulletin.

Privilege Escalation Heap Overflow Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0099 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged local app to launch an arbitrary activity from the background by abusing a logic error in HostEmulationManager.onNullBinding(). Exploitation requires user interaction but no extra execution privileges, and no public exploit has been identified at time of analysis.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0098 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged app to bypass activity start restrictions through a confused deputy flaw in getCallingPackageName of Shared.java. No user interaction is required, and exploitation can yield high impact to confidentiality, integrity, and availability. No public exploit is identified at time of analysis, and SSVC indicates no observed exploitation in the wild.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0096 HIGH This Week

Local privilege escalation in Android 16 and Android 16-qpr2 allows a low-privileged app to deceive the user into forgetting a paired Bluetooth or companion device via a misleading UI in the ForgetDeviceDialogFragment. No public exploit identified at time of analysis, and CISA SSVC marks exploitation status as 'none' with total technical impact. The flaw is a UI spoofing weakness (CWE-451) reachable without any user interaction beyond normal dialog acknowledgement.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0093 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) stems from a misleading UI caused by UI obfuscation across multiple components, enabling a low-privileged local app to elevate privileges without user interaction. No public exploit identified at time of analysis, and SSVC indicates exploitation status is 'none' despite a total technical impact rating.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0091 HIGH CERT-EU This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged shell user to execute code within the launcher process due to over-privileged shell user permissions in multiple code locations. The flaw requires no user interaction and no additional execution privileges, enabling an attacker with shell-level access to gain elevated privileges. No public exploit identified at time of analysis, and SSVC indicates no observed exploitation, though technical impact is rated total.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0089 HIGH This Week

Local privilege escalation in Google Android (16-qpr2) allows a low-privileged local app to install unverified applications by abusing missing permission checks in PackageInstallerService.java. The flaw requires no user interaction and no public exploit identified at time of analysis, but its presence on Android's app install path makes it a strong candidate for inclusion in malicious app payloads.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48570 HIGH This Week

Local privilege escalation in Google Android 14's PipTaskOrganizer component allows a low-privileged app to launch activities from the background by abusing a confused deputy condition, requiring no user interaction. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low privileges, and per the available data there is no public exploit identified at time of analysis (EPSS 0.01%, not on CISA KEV).

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32348 HIGH This Week

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged app to launch background activities without the required permission check, enabling elevation to higher-privileged execution contexts without user interaction. The flaw, tracked as EUVD-2025-210011 and addressed in the June 2026 Android Security Bulletin, carries a CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N) with high impact across confidentiality, integrity, and availability; no public exploit identified at time of analysis and EPSS is 0.01%, indicating very low predicted exploitation probability in the near term.

Privilege Escalation Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0094 HIGH This Week

Local privilege escalation in Android 14 through 16-qpr2 stems from misleading UI rendering in KeyChainActivity's getApplicationLabel function, which can deceive users into granting certificate access to a malicious application. SSVC indicates no observed exploitation and the attack is not automatable, but technical impact is rated total, and no public exploit was identified at time of analysis.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-38950 HIGH This Week

Arbitrary code execution in ESA AnomalyMatch before 1.3.1 allows local attackers with low privileges to run code under the application's process by planting a malicious PyTorch checkpoint into a session directory, which is loaded via torch.load() with weights_only=False. No public exploit is identified at time of analysis, but the upstream fix (PR #9) and a third-party advisory (imlabs.info) confirm the unsafe-deserialization root cause and the migration to safetensors.

Checkpoint RCE Deserialization N A
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24782 HIGH This Week

SQL injection in Kiteworks Secure Data Forms before version 9.3.0 allows an authenticated attacker holding the FormBuilder role to read and tamper with other users' form definitions and certain global configuration parameters. The flaw affects the Kiteworks private data network platform, carries a CVSS 7.6 (high) severity rating, and no public exploit identified at time of analysis. Exploitation requires valid credentials with a specific role, narrowing the threat to insiders or attackers who have already obtained role-bearing accounts.

SQLi Secure Data Forms
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-40964 HIGH This Week

Authentication bypass in Cloud Foundry's cf-auth-proxy (log-cache_release through v3.2.6) lets a remote unauthenticated attacker mint a JWT that the proxy accepts as a valid logs.admin token, granting read access to every application and platform-component log and metric across the foundation. CVSS 7.5 with AV:N/AC:L/PR:N reflects trivially-reachable, network-based exploitation; no public exploit has been identified at time of analysis, but the CVSS vector includes E:P indicating proof-of-concept maturity per the issuing CNA (VMware).

Authentication Bypass Log Cache Release Cf Deployment
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-49134 HIGH PATCH This Week

Local privilege escalation in CodexBar prior to 0.32.0 allows a same-user attacker to execute arbitrary commands as root by winning a TOCTOU race against the CLI installer's temporary file. The installer writes a privileged shell payload via mktemp and invokes it through bash under an administrator prompt, leaving a window in which the file body can be swapped before approval. No public exploit identified at time of analysis, but VulnCheck published an advisory and the upstream patch is merged.

Privilege Escalation Codexbar
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-49361 HIGH PATCH GHSA This Week

Denial of service in Apache Fluss (incubating) versions 0.8.0 and 0.9.0 allows unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer components by sending specially crafted Netty frame headers. The flaw stems from a misconfigured LengthFieldBasedFrameDecoder accepting Integer.MAX_VALUE (~2GB) as the maximum frame length, enabling memory exhaustion with minimal attacker effort. No public exploit identified at time of analysis, and EPSS scores exploitation probability at only 0.05% (17th percentile), suggesting limited current attacker interest despite the network-reachable attack surface.

Apache Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37231 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp component (TCP/36422) by exhausting a 16-bit xapp_id counter through repeated E42_SETUP_REQUEST messages. The integer wraparound produces duplicate xApp identifiers that violate internal data-structure invariants, terminating the RIC service. No public exploit identified at time of analysis, and EPSS estimates exploitation probability at just 0.05%, though the attack is conceptually trivial to script.

Denial Of Service Integer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37226 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process by sending an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node, triggering either a SIGABRT (Debug builds via assert) or SIGSEGV (Release builds via NULL pointer dereference) on TCP port 36422. No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and trivial trigger conditions make this a meaningful availability risk for any exposed FlexRIC RAN Intelligent Controller deployment.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37230 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 near-RT RIC allows unauthenticated attackers to crash the controller process by sending a RIC_INDICATION message containing an unregistered ran_func_id, which causes the registry lookup to return NULL and trigger either an assertion failure (SIGABRT in Debug builds) or a NULL pointer dereference (SIGSEGV in Release builds). The flaw is reachable over the network on port 36421 with no authentication or user interaction, though EPSS remains low at 0.04% and there is no public exploit identified at time of analysis. KEV does not list this issue.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37228 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated attackers to crash near-RT RIC, iApp, E2 Agent, or xApp processes by sending a single oversized SCTP message (>=32,768 bytes) to ports 36421 or 36422. The flaw is a reachable assertion in e2ap_recv_sctp_msg() that triggers SIGABRT in debug builds, while NDEBUG release builds face a signed-to-unsigned integer overflow leading to potential out-of-bounds reads. No public exploit identified at time of analysis and EPSS probability is very low (0.04%), but the trivial preconditions make this a meaningful availability risk for O-RAN deployments.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy