Skip to main content
CVE-2026-37229 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC or iApp process by sending a single malformed byte over SCTP to ports 36421 or 36422. The flaw is a reachable assertion in e2ap_create_pdu() that fires before any protocol validation, affecting all three E2AP protocol versions (v1.01, v2.03, v3.01). No public exploit identified at time of analysis and EPSS is low (0.03%), but the trigger is trivial enough that public PoC could appear quickly.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37235 HIGH This Week

Denial of service in FlexRIC v2.0.0 allows remote unauthenticated attackers to impersonate any xApp by forging the xapp_id field in E42 messages sent to the iApp on port 36422, since the value is not bound to the sender's SCTP association. Misrouted responses corrupt the red-black tree state and can crash the targeted xApp, the RIC, or the iApp itself. No public exploit identified at time of analysis, and EPSS is very low (0.03%, 9th percentile) reflecting limited weaponization to date.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37233 HIGH This Week

Authorization bypass in FlexRIC v2.0.0 allows a malicious xApp to delete subscriptions belonging to other xApps connected to the same iApp instance, breaking multi-tenant isolation in O-RAN deployments. The root cause is a self-comparison bug in eq_xapp_ric_gen_id() that ignores the xApp identity dimension entirely. No public exploit identified at time of analysis, and EPSS probability is very low (0.02%).

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42673 HIGH This Week

Sensitive data exposure in the Logtivity Activity Logs, User Activity Tracking, Multisite Activity Log WordPress plugin (versions up to and including 3.3.6) allows remote unauthenticated attackers to retrieve embedded sensitive information from data sent by the plugin. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable exploitation with no privileges or user interaction, though no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Information Disclosure Activity Logs User Activity Tracking Multisite Activity Log From Logtivity
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42674 HIGH This Week

Authentication bypass in the Advanced Access Manager (AAM) WordPress plugin through version 7.1.0 allows remote unauthenticated attackers to circumvent access controls via URL encoding manipulation, achieving high integrity impact on protected resources. The flaw is reported by Patchstack and tracked under CWE-290 (Authentication Bypass by Spoofing). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Advanced Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37221 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC by sending a forged RIC_SUBSCRIPTION_RESPONSE message to TCP port 36421 with an unknown ric_id that has no corresponding pending event. The vulnerability stems from an assert() check in the response handler that causes SIGABRT in Debug builds or a NULL pointer dereference (SIGSEGV) in Release builds. No public exploit identified at time of analysis, though the trivially low complexity and unauthenticated network reach make weaponization straightforward.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37220 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 near-RT RIC allows unauthenticated attackers to crash the controller (port 36421) by completing an SCTP handshake and immediately disconnecting without sending any E2AP message. The cleanup path triggers a reachable assert() because the code assumes an SCTP-association-to-E2-node mapping always exists. No public exploit identified at time of analysis, but the trigger is trivial and the CVSS vector (AV:N/AC:L/PR:N/UI:N, A:H) reflects a low-effort network attack with high availability impact.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42677 HIGH PATCH This Week

Information disclosure in WP Document Revisions WordPress plugin versions before 4.0.0 allows unauthenticated remote attackers to access protected documents due to broken access control checks. The CVSS vector (AV:N/AC:L/PR:N/UI:N/C:H/I:N/A:N) indicates trivially exploitable confidentiality-only impact, and no public exploit identified at time of analysis, though Patchstack has cataloged the issue with a working proof reference.

Authentication Bypass Wp Document Revisions
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37225 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process listening on TCP port 36422 by sending a malformed E42_RIC_SUBSCRIPTION_REQUEST containing an empty ricEventTriggerDefinition field. The bug stems from inconsistent validation between the E42 decoder and the downstream E2AP encoder, which aborts via SIGABRT on the missing constraint. No public exploit identified at time of analysis, but the trivial trigger condition (single crafted message, no authentication) makes opportunistic disruption of O-RAN near-RT RIC deployments realistic.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37227 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC process by sending a decodable E2AP PDU (such as E2nodeConfigurationUpdate) to port 36421, triggering an unconditional assert(0) in stub handlers for whitelisted-but-unimplemented message types. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with SSVC indicating automatable exploitation and partial technical impact; no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37223 HIGH This Week

Remote unauthenticated denial of service in FlexRIC v2.0.0 allows attackers to crash the entire near-RT RIC service by sending any decodable E2AP PDU with a message type outside the 9-entry whitelist to TCP port 36422. The iApp dispatcher uses assert() for validation, so an unexpected message type triggers SIGABRT in the shared iApp/RIC process, disconnecting all E2 Nodes and xApps. No public exploit identified at time of analysis, but the trivial attack complexity (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a credible operational risk for O-RAN testbeds and lab deployments.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37224 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp process on TCP/36421 by sending two E2_SETUP_REQUEST messages reusing the same E2 node configuration, abusing an assert()-based uniqueness check that triggers SIGABRT. The flaw affects FlexRIC, the open-source Near-RT RIC implementation from Eurecom's Mosaic5G project, with CVSS 7.5 reflecting high availability impact and no public exploit identified at time of analysis.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37222 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC (port 36421) or iApp (port 36422) by sending a valid E2AP PDU containing an unexpected number of Information Elements, triggering a SIGABRT via overly strict hardcoded assertions. The flaw affects open-source O-RAN near-real-time RAN Intelligent Controller deployments used in 5G research and testbeds, and no public exploit has been identified at time of analysis. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity loss.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-4991 HIGH PATCH This Week

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE OpenSSL
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-10259 HIGH This Week

Stack-based buffer overflow in H3C Magic B0 routers (versions up to 100R002) allows remote authenticated attackers to corrupt memory via the SetMobileAPInfoById function in /goform/aspForm by manipulating the param argument. Publicly available exploit code exists (disclosed on GitHub and VulDB), and the vendor did not respond to disclosure outreach, leaving devices without an official fix. CVSS 4.0 score of 7.4 reflects high impact to confidentiality, integrity, and availability with low attack complexity.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-42675 HIGH This Week

Broken access control in Themefic Hydra Booking WordPress plugin through version 1.1.41 allows remote unauthenticated attackers to access functionality that should be restricted by authorization checks. The flaw stems from missing authorization (CWE-862) on plugin endpoints, with CVSS 7.3 reflecting low impact across confidentiality, integrity, and availability without requiring privileges or user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass Hydra Booking
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24092 HIGH This Week

Memory corruption in Qualcomm Snapdragon fastboot bootloader when processing commands that set the display mode allows a high-privileged local attacker with physical device access to corrupt memory and potentially execute code outside the bootloader's security context. The flaw, reported by Qualcomm and disclosed in their June 2026 security bulletin, affects Snapdragon platforms across the product line per the supplied CPE. No public exploit has been identified at the time of analysis, and the CVSS 7.2 score reflects the high privilege and physical access barriers that limit broad exploitation.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-24091 HIGH This Week

Memory corruption in Qualcomm Snapdragon fastboot bootloader processing allows a physically present attacker with high privileges to corrupt memory by submitting improperly formatted fastboot commands. The flaw carries a CVSS 7.2 score reflecting physical attack vector with scope change, and no public exploit identified at time of analysis. Disclosed in Qualcomm's June 2026 security bulletin, it affects Snapdragon platforms exposed during device provisioning, recovery, or firmware-flash workflows.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-24089 HIGH This Week

Memory corruption in Qualcomm Snapdragon fastboot bootloader handling allows a privileged local attacker with physical access to corrupt memory by issuing malformed fastboot commands, with scope change (CVSS S:C) indicating impact extends beyond the bootloader's security boundary. The flaw was disclosed by Qualcomm in the June 2026 security bulletin and carries a CVSS 3.1 base score of 7.2 (High). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-24087 HIGH This Week

Memory corruption in Qualcomm Snapdragon fastboot OEM command handling allows a local attacker with high privileges and physical access to compromise device confidentiality, integrity, and availability. The CVSS 7.2 score reflects the physical attack vector (AV:P) offset by high impact and scope change, and no public exploit identified at time of analysis. Disclosure originates from Qualcomm's June 2026 security bulletin.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-49135 HIGH PATCH This Week

Local privilege-level information disclosure and artifact tampering in CodexBar versions prior to 0.32.0 allows authenticated users on the same macOS host to read App Store Connect API keys and hijack release builds via predictable temporary file paths in the notarization workflow. The flaw stems from writing sensitive credentials and notarization archives to fixed, world-reachable locations rather than per-run private directories, enabling symlink races and pre-creation attacks. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Codexbar
NVD GitHub
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-24085 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon platforms stems from a stack-based memory corruption triggered while processing display command line information with an uninitialized variable. With CVSS 7.2 and a physical attack vector requiring high privileges, the flaw allows a privileged local attacker to corrupt memory and impact confidentiality, integrity, and availability across a changed security scope. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Stack Overflow Snapdragon
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2019-25716 HIGH This Week

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infinity Delta Infinity Delta Xl Infinity Kappa
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48119 HIGH PATCH GHSA This Week

Cross-tenant data forgery in Nezha monitoring dashboard allows any authenticated low-privilege user with a valid agent secret to submit fabricated service-monitor TaskResult messages for services owned by other tenants. The dashboard's inbound result worker validates only that the referenced service ID exists, skipping the ownership and coverage checks enforced on the outbound dispatch path, so attackers can poison victim service history and trigger victim-owned notifications containing attacker-controlled text. A working local proof-of-concept is published in the GHSA advisory; no public exploit identified at time of analysis in the wild, and the issue is not on CISA KEV.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-48209 HIGH This Week

Reflected cross-site scripting in OTRS 7.0.x and ((OTRS)) Community Edition 6.x and earlier allows remote attackers to execute arbitrary JavaScript in an authenticated agent's browser session by tricking the agent into clicking a crafted ticket-action URL. The CVSS 7.1 (UI:R) rating reflects the need for victim interaction, and no public exploit identified at time of analysis, but the high integrity impact and the ubiquity of OTRS-derived help-desk forks make this a meaningful risk for ticketing environments.

XSS Otrs Otrs Community Edition
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45722 HIGH PATCH This Week

Blind SQL injection in the Nextcloud Tables app affects versions 0.9.0 through 0.9.6 and 1.0.0 through 1.0.1, allowing authenticated users with access to the Tables app to inject SQL into the ORDER BY clause of database queries. The flaw permits bit-by-bit data extraction or time-based exfiltration against the underlying database, and no public exploit identified at time of analysis. Patches are available in versions 0.9.7 and 1.0.2.

SQLi Nextcloud
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46243 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's SMB/CIFS client allows unprivileged userspace processes to forge cifs.spnego keys via add_key(2) or request_key(2), supplying attacker-controlled pid, uid, creduid, and upcall_target fields that cifs.upcall trusts as kernel-originated. Successful exploitation enables impersonation of CIFS credential negotiation, leading to high confidentiality, integrity, and availability impact on systems mounting SMB shares. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Linux Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2021-46747 HIGH This Week

Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures. Rated high severity (CVSS 7.1). No vendor patch available.

Information Disclosure Amd
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-24090 HIGH This Week

Boot flow tampering in Qualcomm Snapdragon platforms allows a local authenticated attacker to bypass cryptographic verification of partition table entries and modify the device's boot process, achieving high impact to confidentiality and integrity. Qualcomm disclosed the issue in its June 2026 security bulletin, classifying it as an authentication bypass affecting Snapdragon products. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the boot-chain location of the flaw makes it strategically valuable for persistent compromise.

Authentication Bypass Snapdragon
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-48865 HIGH This Week

Reflected cross-site scripting in ThimPress LearnPress WordPress plugin through version 4.3.6 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser when the victim clicks a crafted link. The CVSS scope-changed vector (S:C) indicates impact extends beyond the vulnerable component, typical of XSS reaching the WordPress admin context, and no public exploit has been identified at time of analysis.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-48839 HIGH This Week

DOM-based cross-site scripting in VeronaLabs WP Statistics plugin for WordPress through version 14.16.6 allows remote attackers to execute arbitrary JavaScript in a victim's browser when the user is lured into interacting with a malicious link or page. The CVSS 7.1 score reflects unauthenticated network exploitability with user interaction required and a scope change, but no public exploit code has been identified at time of analysis and the issue is not listed in CISA KEV.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42683 HIGH This Week

DOM-based cross-site scripting in the e4jvikwp VikBooking Hotel Booking Engine & PMS WordPress plugin (versions up to and including 1.8.8) allows remote attackers to execute arbitrary JavaScript in a victim's browser after the victim interacts with a crafted link or page element. With CVSS 7.1 reflecting a scope change and user interaction requirement, the flaw can be used to hijack hotel administrator sessions or guest-facing booking workflows, though no public exploit identified at time of analysis.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42681 HIGH This Week

Reflected cross-site scripting in the e2pdf WordPress plugin (versions up to and including 1.32.14) allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser after the victim clicks a crafted link. The flaw stems from improper neutralization of user input during web page generation (CWE-79) and carries a CVSS 3.1 score of 7.1 with a scope change. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42678 HIGH This Week

DOM-based cross-site scripting in the GiveWP WordPress donation plugin (versions up to and including 4.14.5) allows remote attackers to execute arbitrary JavaScript in a victim's browser session after the victim interacts with an attacker-supplied link or page element. The flaw carries a CVSS 7.1 score driven by changed scope (S:C), meaning impact extends beyond the vulnerable component into the surrounding WordPress site context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Givewp
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-49139 HIGH PATCH This Week

Server-side request forgery in Nanobot (HKUDS) prior to 0.2.1 lets unauthenticated remote attackers exfiltrate Microsoft Bot Framework bearer tokens by poisoning the stored Teams conversation reference with an attacker-controlled serviceUrl. VulnCheck reported the issue and HKUDS shipped a fix in v0.2.1 (commit 232df45), but at time of analysis there is no public exploit identified and the CVE is not on CISA KEV. CVSS 4.0 of 7.0 reflects low vulnerable-system impact but High confidentiality/integrity impact on subsequent (downstream) systems - namely the Bot Framework tenant whose tokens are leaked.

Microsoft SSRF Nanobot
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy