Skip to main content
CVE-2025-48595 HIGH POC KEV THREAT NEWS Act Now

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) stems from an integer overflow (CWE-190) that can be triggered without user interaction to achieve code execution. With CVSS 8.4 and SSVC technical impact rated 'total,' a local attacker on the device can elevate privileges across security boundaries without additional execution rights. No public exploit identified at time of analysis and SSVC reports exploitation status as 'none.'

Privilege Escalation RCE Integer Overflow
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
Threat
4.7
CVE-2026-43624 HIGH POC PATCH This Week

Arbitrary file write in F5-TTS through 1.1.20 allows unauthenticated remote attackers to create directories and write attacker-controlled JSON anywhere the server process has write access by abusing unsanitized project_name parameters in the finetune Gradio interface. The flaw stems from passing user input directly to os.path.join() - supplying an absolute path bypasses the intended base directory entirely. Publicly available exploit code exists, and an upstream patch has been merged via PR #1294.

Path Traversal F5 Tts
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25434 HIGH POC This Week

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25433 HIGH POC This Week

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25428 HIGH POC This Week

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-49491 HIGH POC This Week

Unauthenticated SQL injection in Pixa Bank 2.0 allows remote attackers to exfiltrate database contents by submitting UNION-based payloads in the 'rib' parameter of the agence-ajax.php endpoint. Publicly available exploit code exists (Packet Storm) and the issue was disclosed by VulnCheck, making opportunistic exploitation likely against any internet-exposed instance. No public exploit identified at time of analysis as actively exploited in the wild (not on CISA KEV), but the trivial attack complexity and existing PoC elevate practical risk.

PHP Information Disclosure SQLi
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-49136 HIGH POC PATCH This Week

Path traversal in Banana Slides through 0.4.0 allows unauthenticated remote attackers to read arbitrary image-format files outside the uploads directory via the generate_image() function in the AI service backend. The flaw stems from an incomplete prefix check using os.path.startswith() without a trailing separator, letting sibling directories whose names share the uploads folder prefix bypass containment. Publicly available exploit code exists (GitHub issue #429), and a vendor patch has been released in commit e8bc490.

Path Traversal Banana Slides
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-43623 HIGH POC Monitor

Stack-based buffer overflow in microtar through 0.1.0 allows remote attackers to corrupt stack memory and potentially achieve code execution when an application using the library parses a malicious TAR archive. The flaw in raw_to_header() uses strcpy() on non-null-terminated 100-byte ustar fields, enabling writes of up to 355 bytes into a 100-byte buffer. Publicly available exploit code exists and the issue was reported by VulnCheck, raising the practical risk despite no current CISA KEV listing.

Buffer Overflow Stack Overflow Microtar
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25432 HIGH POC This Week

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Arm Whois
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2024-52011 HIGH POC PATCH GHSA This Week

launch-editor allows users to open files with line numbers in editor from Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Microsoft Command Injection Launch Editor Vite
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-70099 HIGH POC This Week

Denial of service in lwext4 1.0.0 allows remote attackers to crash applications by supplying a malformed EXT4 filesystem image that triggers a NULL pointer dereference in ext4_dir_en_get_name_len during directory iteration. The flaw affects the 2016-era lwext4 codebase commonly embedded in IoT, bootloaders, and forensic tools that mount untrusted EXT4 images. Publicly available exploit code exists, though EPSS rates real-world exploitation probability as very low (0.02%, 4th percentile).

Null Pointer Dereference Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-10270 HIGH POC This Week

Stack-based buffer overflow in D-Link DI-7001 MINI routers (firmware up to 19.09.19A1) allows authenticated remote attackers to corrupt memory via the Time parameter passed to the sprintf function in /httpd_debug.asp. Publicly available exploit code exists on GitHub, and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low privilege requirement and no user interaction. The vulnerability targets an embedded networking appliance commonly deployed at SMB and branch-office perimeters, increasing exposure risk where the management interface is reachable.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10206 HIGH POC This Week

Stack-based buffer overflow in D-Link DI-8400 routers through firmware 16.07.26A1 allows authenticated remote attackers to corrupt memory by manipulating the 'str' parameter in /dbsrv.asp, potentially achieving code execution on the device. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges per the CVSS 4.0 vector. The original researcher advisory notes contradictory parameter names, introducing some uncertainty about the exact trigger field.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10293 HIGH POC This Week

Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware up to 2.5.3-170306) allows authenticated remote attackers to corrupt memory via the Profile parameter in the /goform/formFireWall endpoint, where unsafe strcpy usage processes the input. Publicly available exploit code exists, increasing the realistic risk of attempted compromise against exposed management interfaces. No CISA KEV listing has been published, so exploitation is not yet confirmed active in the wild.

Buffer Overflow Stack Overflow Hiper 1200Gw
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10292 HIGH POC This Week

Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware versions up to 2.5.3-170306) allows remote authenticated attackers to corrupt memory via the strcpy function in the /goform/formTaskEdit endpoint. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges. No KEV listing or EPSS data is provided in the input, so widespread automated exploitation has not been confirmed.

Buffer Overflow Stack Overflow Hiper 1200Gw
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2018-25431 HIGH POC This Week

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi No Cms
NVD Exploit-DB GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25430 HIGH POC This Week

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25429 HIGH POC This Week

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-9614 HIGH This Week

Privilege escalation to administrative access in Ivanti Neurons for ITSM (both cloud and on-premises deployments) allows a remote authenticated attacker to bypass access controls and obtain admin-level permissions. The flaw carries a CVSS 8.8 rating with low attack complexity, and Ivanti has published a security advisory; no public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

Ivanti Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-7770 HIGH PATCH This Week

Remote code execution in IBM i Access Client Solutions (ACS) versions 1.1.5.0 through 1.1.9.12 allows authenticated attackers to execute arbitrary code on systems where ACS is configured to listen for requests from IBM i Navigator. The flaw, rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, requires low privileges and no user interaction, making it a serious threat in enterprise IBM i environments. There is no public exploit identified at time of analysis and the CVE is not currently in CISA KEV.

IBM RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-40543 HIGH This Week

Unauthenticated information disclosure in SOPlanning version 1.55 and below allows remote attackers to download backup archives and configuration files directly from backup endpoints without any authentication, exposing the user database with password hashes and sensitive configuration data. The CVSS 4.0 score of 8.8 reflects high confidentiality impact over the network with no privileges or user interaction required, and no public exploit identified at time of analysis. Disclosure was coordinated through CERT.PL, indicating a vetted advisory rather than opportunistic discovery.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-45505 HIGH PATCH GHSA This Week

Remote code execution in Apache ActiveMQ Broker, ActiveMQ All, and ActiveMQ (versions before 5.19.7 and 6.0.0 before 6.2.6) allows authenticated attackers to bypass the CVE-2026-34197 fix using non-parenthesized discovery wrappers such as `masterslave:vm://...` and `static:vm://...`, which incorrectly pass validation and trigger the VM transport's brokerConfig parameter to load a remote Spring XML application context. The flaw abuses the Jolokia JMX-HTTP bridge at /api/jolokia/ to invoke BrokerService.addNetworkConnector/addConnector MBean operations, resulting in arbitrary code execution on the broker JVM. EPSS is low at 0.06% (19th percentile) and no public exploit identified at time of analysis, but the patch bypass nature and prior in-the-wild interest in ActiveMQ RCE chains warrant urgent patching.

Java RCE Apache Activemq Activemq Broker
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-35563 HIGH PATCH GHSA This Week

Improper certificate hostname validation in the Apache Directory LDAP API client allows network-positioned attackers to impersonate LDAP servers and intercept authenticated directory traffic. The flaw was disclosed via the oss-security mailing list on 2026-06-01 and is tracked under CWE-297; no public exploit identified at time of analysis. With a CVSS 4.0 score of 8.8 and high confidentiality/integrity impact, the issue is significant for applications that rely on this library to connect to LDAP/LDAPS endpoints.

Apache Buffer Overflow
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-25277 HIGH This Week

Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer overflow that crosses a security boundary (scope changed) and compromises confidentiality, integrity, and availability of the device. The flaw is reported directly by Qualcomm in the June 2026 security bulletin and carries a CVSS 3.1 base score of 8.8 with no public exploit identified at time of analysis. Strongbox is the hardware-backed keystore used to protect cryptographic material, so successful exploitation undermines a core trust component of Snapdragon-based mobile platforms.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25276 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox trusted execution component, where a missing bounds check enables memory corruption from a low-privileged context. A successful exploit crosses a trust boundary (CVSS scope=Changed) and yields high impact to confidentiality, integrity, and availability on the affected device. No public exploit identified at time of analysis, and EPSS data was not provided alongside this advisory.

Buffer Overflow Snapdragon
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-49157 HIGH PATCH GHSA This Week

Privilege escalation in Apache ActiveMQ versions before 5.19.7 and 6.0.0 through 6.2.5 allows authenticated low-privilege web-login users to invoke administrative Jolokia operations such as addQueue and removeQueue due to overly permissive default authorization settings. The CVSS 8.8 score reflects high impact on confidentiality, integrity, and availability, though EPSS exploitation probability sits at just 0.01% and no public exploit identified at time of analysis. The flaw effectively collapses the broker's privilege boundary between normal web users and administrators.

Privilege Escalation Apache
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9024 HIGH This Week

Stored cross-site scripting in Dassault Systèmes DELMIA Service Process Engineer (Process Experience Studio component) across releases 3DEXPERIENCE R2024x through R2026x allows an authenticated low-privilege attacker to inject persistent script payloads that execute in another user's browser session. With a CVSS 3.1 base of 8.7 driven by scope change and high confidentiality/integrity impact, successful exploitation can compromise the victim's 3DEXPERIENCE session data and authority across trust boundaries. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-40546 HIGH This Week

SQL injection in SOPlanning 1.55 and earlier allows authenticated low-privileged users to inject arbitrary SQL commands across multiple endpoints and parameters, potentially leading to full database compromise. The flaw was reported by CERT Polska and carries a CVSS 4.0 score of 8.7, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42251 HIGH This Week

Credential exposure in Kamsoft KS-SOMED medical software allowed remote unauthenticated attackers to authenticate to the FTP server hosting application update packages by extracting hard-coded credentials from the KSPLUPDFTP.exe and ANEKSKLIENT.EXE modules. While the vendor states the exposed credentials ultimately had only read-only access, the original threat model included an attacker uploading a malicious update file that would propagate to client machines as a legitimate update. No public exploit identified at time of analysis.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-40646 HIGH This Week

Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Vertex
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-37232 HIGH This Week

Denial of service in OpenAirInterface5G 2.4.0 (nr-softmodem) allows unauthenticated remote attackers to crash an entire 5G base station by triggering a divide-by-zero in the E2SM-KPM RAN Function's PRB utilization calculation. By flooding E42 subscription requests through the FlexRIC iApp on port 36422/SCTP, an attacker forces consecutive identical PRB aggregate samples that produce a zero divisor, raising SIGFPE and interrupting service for all connected UEs. No public exploit identified at time of analysis, and EPSS probability is very low at 0.03%, but the unauthenticated network vector and total cell outage make this a high-impact availability flaw.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2019-25718 HIGH This Week

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Infinity Explorer C700
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-9330 HIGH PATCH This Week

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows authenticated attackers to abuse unsafe Java deserialization in the SAML Web Single Sign-On component to run arbitrary code via a crafted HTTP request combined with a gadget chain. The flaw carries a CVSS 8.5 with scope change, and while no public exploit has been identified at time of analysis, deserialization gadget chains for WebSphere are historically well-researched. IBM has released a patch via support advisory node/7274733.

IBM RCE Deserialization
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-32325 HIGH This Week

Local privilege escalation in Fujitsu ServerView Agents for Windows V11.60.04 and earlier enables an authenticated low-privileged user to chain privileges and obtain SYSTEM-level access on the host. The flaw was reported by JPCERT/CC and is documented in JVN advisory JVN67883085 and FSAS Technologies advisory 0529; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-27788 HIGH This Week

Local privilege escalation in Fujitsu ServerView Agents for Windows version 11.60.04 and earlier allows an authenticated low-privileged user on the host to obtain SYSTEM-level privileges through incorrect permission assignment on a critical resource. The flaw is reported by JPCERT/CC under JVN#67883085 with a CVSS 4.0 score of 8.5; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-47415 HIGH PATCH GHSA This Week

Cross-workspace Insecure Direct Object Reference in praisonai-platform versions prior to 0.1.4 allows any authenticated workspace member to read, modify, or delete issues belonging to other tenants by supplying a known issue UUID against their own workspace path. The issue CRUD endpoints validate workspace membership but never verify that the targeted issue actually belongs to that workspace, breaking multi-tenant isolation. No public exploit identified at time of analysis, but the vulnerability is source-verified end-to-end with an upstream fix released as version 0.1.4.

Python Authentication Bypass
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-37234 HIGH This Week

Resource exhaustion and stale-state accumulation in FlexRIC v2.0.0 allows unauthenticated remote attackers to bind multiple xApp identifiers to a single SCTP connection via repeated E42_SETUP_REQUEST messages, where only the first xapp_id is cleaned up on disconnect. The remaining orphaned registrations and their subscriptions persist in the iApp, enabling progressive memory/state corruption that maps to the CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) high-availability impact. No public exploit identified at time of analysis and EPSS is very low (0.05%, 17th percentile), but the unauthenticated network reachability of the E2 termination makes this a meaningful availability risk for O-RAN testbeds running this build.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-47423 HIGH PATCH GHSA This Week

Cross-site scripting via sanitizer bypass affects DOMPurify 3.4.4, the widely used npm HTML sanitization library maintained by cure53. The flaw stems from `<selectedcontent>` being permitted by default, allowing attackers to leverage browser re-cloning behavior so that an XSS payload is reinjected into a subtree DOMPurify has already walked. No public exploit identified at time of analysis in the form of in-the-wild attacks, but a fully working PoC is published in the GHSA advisory and active exploitation status is not listed in CISA KEV.

XSS Google Apple Mozilla
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-24752 HIGH This Week

Reflected cross-site scripting in Kiteworks Secure Data Forms (versions prior to 9.3.0) allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser after the victim is lured into clicking a crafted link. The CVSS 8.2 score is elevated by a changed scope (S:C) and high confidentiality impact, reflecting potential session theft or pivoting against the Kiteworks Private Data Network; no public exploit identified at time of analysis and not present in CISA KEV.

XSS Secure Data Forms
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-24751 HIGH PATCH This Week

Reflected cross-site scripting in Kiteworks Secure Data Forms prior to version 9.3.0 allows external attackers to execute arbitrary JavaScript in a victim's browser session by tricking them into clicking a crafted link. The flaw carries a CVSS 8.2 due to scope change (S:C) and high confidentiality impact, but exploitation requires user interaction. At time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Secure Data Forms
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-45545 HIGH PATCH This Week

SQL injection in the Nextcloud Tables app allows authenticated users with access to the Tables feature to execute arbitrary SQL queries against the backend database via a stored injection vector. Although a 20-byte length limit is imposed on the injected payload, carefully crafted input can break out of this restriction, enabling data extraction and modification. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Nextcloud
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-43625 HIGH PATCH This Week

Cleartext session cookie exposure in CodexBar (a macOS menu bar AI provider client) prior to 0.32.0 allows network-positioned attackers to intercept imported browser session cookies for Amp and Ollama providers. The client failed to enforce HTTPS before reattaching imported cookies when a provider-controlled redirect pointed to a cleartext HTTP endpoint inside the same provider domain, leaking authentication material in plaintext. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Codexbar
NVD GitHub
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-24088 HIGH This Week

Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a specific partition and load a customized (unsigned or tampered) bootloader, breaking the device's chain of trust. The flaw, reported by Qualcomm itself in its June 2026 security bulletin, carries a CVSS of 8.2 with scope change due to its impact on trusted firmware boundaries, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Authentication Bypass Snapdragon
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-44825 HIGH GHSA This Week

Hardcoded credentials in Apache Solr 9.4.0 through 9.10.1 and 10.0.0 allow remote attackers to obtain full administrative access to clusters that bootstrapped Basic Authentication via the bin/solr auth enable tool. The setup script silently installs template accounts (superadmin, admin, search, index) with publicly known default passwords alongside the user-specified account, and no public exploit identified at time of analysis though the credentials are documented and trivially reusable.

Apache Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-42588 HIGH PATCH GHSA This Week

Authenticated remote code execution in Apache ActiveMQ Classic (versions before 5.19.7 and 6.0.0 through 6.2.5) is achievable via the Jolokia JMX-HTTP bridge exposed at /api/jolokia/ on the web console. An authenticated attacker can invoke BrokerService.addNetworkConnector with a crafted masterslave:// discovery URI that loads a Spring XML application context, instantiating attacker-controlled singleton beans (e.g., Runtime.exec()) on the broker JVM. No public exploit identified at time of analysis and EPSS is low (0.06%), but the vendor-released patches and CVSS 8.1 score reflect a significant risk to message brokers exposing the web console.

Java RCE Apache
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-41013 HIGH PATCH This Week

Privilege escalation in Cloud Foundry smb-volume-release (prior to v3.60.0) and CF Deployment (prior to v56.0.0) lets a low-privileged CF space developer smuggle arbitrary CIFS mount options past the mount-option allowlist, gaining kernel-level mount control on shared Diego cells. The flaw maps to CWE-88 (argument injection) and carries CVSS 8.1 with low-privilege network exploitation; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Privilege Escalation Smb Volume Release Cf Deployment
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45281 HIGH PATCH This Week

Improper authorization in the Nextcloud Server CalDAV backend allows an authenticated user who knows another user's principal URL to gain full read/write access to that user's calendar in versions 32.0.0 to before 32.0.9 and 33.0.0 to before 33.0.3. The flaw was reported via HackerOne (report 3545964) and patched in PR 59962 by introducing dedicated ProxyRead/ProxyWrite ACL-aware classes; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45156 HIGH PATCH This Week

Authentication bypass in Nextcloud's User OIDC app (versions 0.3.0-3.0.x, 5.0.0-5.0.x, and 6.0.0-6.3.x) allows a malicious ID4me authority to impersonate arbitrary users due to missing JWT signature verification in the ID4me login flow. The flaw stems from a literal 'TODO: VALIATE SIGNATURE!' code comment that left ID tokens accepted without cryptographic validation, enabling identity spoofing once a victim is redirected through the attacker-controlled authority. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47412 HIGH PATCH GHSA This Week

{id} request. The DELETE endpoint enforces only member-level authorization instead of owner-level, and the destructive action is silent, immediate, and without recovery path. No public exploit identified at time of analysis, but source-level analysis confirms the gap and a vendor patch is available.

Privilege Escalation Python
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-47417 HIGH PATCH GHSA This Week

Cross-workspace Insecure Direct Object Reference in praisonai-platform versions prior to 0.1.4 allows any authenticated workspace member to read and inject comments on issues belonging to any other tenant in a multi-tenant deployment. The comment endpoints validate workspace membership but never verify that the URL-supplied issue_id actually belongs to that workspace, breaking tenant isolation. No public exploit identified at time of analysis, but source-code-level analysis confirms the gap end-to-end.

Python Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy