Skip to main content
CVE-2026-49143 HIGH POC GHSA Monitor

Remote code execution in BrowserStack Runner through version 0.9.5 allows network-adjacent unauthenticated attackers to execute arbitrary code on the host system by sending crafted JSON to the /_log HTTP handler. The flaw stems from unsafe use of vm.runInNewContext() combined with eval(), and a known sandbox-escape technique via util.format and this.constructor.constructor enables full host compromise. No public exploit identified at time of analysis, but the technique is well-documented and the CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability.

RCE Code Injection Node.js Browserstack Runner
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-42211 HIGH POC PATCH GHSA This Week

Remote code execution in React Router 7.0.0 through 7.14.1 affects applications running in Framework Mode by chaining an application-level prototype pollution flaw with router internals to achieve unauthenticated RCE on the server. Applications using Declarative Mode (BrowserRouter) or Data Mode (createBrowserRouter/RouterProvider) are unaffected. No public exploit identified at time of analysis; CVSS 8.1 reflects high impact tempered by high attack complexity due to the prerequisite prototype pollution gadget.

RCE Deserialization React Router
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-8293 HIGH POC PATCH This Week

Two-factor authentication bypass in the Really Simple Security WordPress plugin before 9.5.10.1 allows attackers who already possess a valid username and password to hijack a fully authenticated WordPress session without completing the email OTP challenge. Two REST endpoints in the plugin's 2FA flow fail to enforce the second-factor challenge, effectively neutralizing the MFA protection the plugin is marketed to provide. Publicly available exploit code exists (WPScan), and a vendor patch has been released.

WordPress Authentication Bypass
NVD WPScan
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5073 HIGH POC This Week

Unauthenticated SQL injection in the ARMember Premium WordPress plugin (versions up to and including 7.3.1) allows remote attackers to extract sensitive database contents by injecting crafted values into the 'order' and 'orderby' parameters of the arm_directory_paging_action AJAX endpoint. With CVSS 7.5 reflecting confidentiality-only impact and no public exploit identified at time of analysis, the bug is reachable without credentials but EPSS data was not provided to estimate exploitation likelihood.

SQLi WordPress
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42342 HIGH POC PATCH GHSA This Week

Denial of service in React Router 7.0.0-7.14.x and @remix-run/server-runtime 2.10.0-2.17.4 allows remote unauthenticated attackers to exhaust server resources by sending crafted requests to the __manifest endpoint, which triggers unbounded path expansion. Only applications running in React Router Framework Mode or Remix are affected; Declarative Mode (<BrowserRouter>) and Data Mode (createBrowserRouter) deployments are not. No public exploit identified at time of analysis, and the issue is patched in react-router 7.15.0 and @remix-run/server-runtime 2.17.5.

Denial Of Service React Router Remix Run Server Runtime Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-34077 HIGH POC PATCH GHSA This Week

Client-side Cross-Site Scripting in React Router 7.7.0 through 7.13.1 affects applications using the unstable React Server Components (RSC) APIs, where redirect handling fails to sanitize destinations originating from untrusted sources. An attacker who can influence redirect targets consumed by RSC handlers may inject script payloads that execute in the victim's browser, with no public exploit identified at time of analysis. The advisory is published as GHSA-rxv8-25v2-qmq8 and the issue is fixed in 7.13.2.

XSS Denial Of Service React Router Turbo Stream Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-49144 HIGH POC GHSA Monitor

Arbitrary file disclosure in BrowserStack Runner versions through 0.9.5 allows unauthenticated network-adjacent attackers to read sensitive files outside the project root by abusing a path traversal flaw in the default HTTP handler of lib/server.js. Because the embedded test server binds on all interfaces by default, any attacker on the same network segment (Wi-Fi, VLAN, or shared LAN) can retrieve source code, credentials, or environment files. No public exploit identified at time of analysis, but a GitHub Security Advisory (GHSA-8rpw-6cqh-2v9h) has been published.

Path Traversal Browserstack Runner
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40181 MEDIUM POC PATCH GHSA This Month

Open redirect in React Router's programmatic `redirect()` function allows unauthenticated remote attackers to redirect users to arbitrary external domains by supplying path values beginning with `//`, which browsers interpret as protocol-relative (scheme-relative) URLs. Affected are applications in the v7 series (7.0.0-7.14.0) and v6 series (6.7.0-6.30.3) that expose user-influenced input to `redirect()` without validating the path prefix. No public exploit identified at time of analysis - CVSS 4.0 supplemental metric E:U (Unreported) confirms no known active exploitation - but the technique is trivially constructible from the advisory description alone, and patched releases 7.14.1 and 6.30.4 are available.

Open Redirect Red Hat
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-7299 MEDIUM POC PATCH This Month

Stored XSS in Appsmith's SQL query editor autocomplete allows an authenticated Developer-role user to inject persistent malicious JavaScript via crafted database table or column names that are rendered unsanitized through innerHTML. When other workspace members interact with the same datasource's query editor, the injected script executes in their browser session, enabling session token theft and unauthorized actions with high confidentiality impact (CVSS C:H). A public proof-of-concept exploit exists (Stuub/Appsmith-1.98-Stored-XSS-Exploit on GitHub), and the vulnerability was reported by CERT/CC, materially elevating practical exploitation risk above what the CVSS 6.3 Medium score alone implies.

XSS RCE Appsmith
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-7312 CRITICAL PATCH Act Now

Credential disclosure in Progress Sitefinity 14.0.7700-15.4.8630 allows remote unauthenticated attackers to retrieve plaintext credentials used to connect to the Sitefinity Insight analytics service. The CVSS 10.0 score reflects network-reachable, no-auth, no-interaction exploitation with cross-scope impact, though exploitation is gated on the site having active Sitefinity Insight integration and a non-default configuration. No public exploit identified at time of analysis and the vendor (Progress) is the sole reporting source via a May 2026 advisory.

Information Disclosure Sitefinity
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-7198 CRITICAL PATCH Act Now

Unauthenticated access control bypass in Progress Sitefinity 15.4.8623 (fixed in 15.4.8630) enables remote attackers to reach restricted content via the product's web services, leading to full compromise of confidentiality, integrity, and availability. The CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) rating reflects trivial network-reachable exploitation, and Progress has issued a coordinated advisory covering this and four sibling CVEs; no public exploit identified at time of analysis.

Authentication Bypass Sitefinity
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-49448 CRITICAL PATCH Act Now

Authentication bypass in authentik identity provider (versions prior to 2025.12.6, 2026.2.4, and 2026.5.1) allows remote unauthenticated attackers to circumvent the Source stage by submitting an empty POST request. With a CVSS score of 9.8 and CWE-287 (Improper Authentication), this flaw effectively defeats a core identity verification control; no public exploit identified at time of analysis, though the trivial trigger condition makes weaponization straightforward once details are widely studied.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-38967 CRITICAL Act Now

HTTP response header injection in CrowCpp Crow through v1.3.1 allows remote attackers to inject arbitrary CR/LF sequences into response headers when application code passes unvalidated input to header-setting APIs. The flaw stems from the framework not stripping \r\n characters in header keys or values, enabling CRLF injection that can lead to response splitting, cache poisoning, or XSS depending on how the embedding application uses user input. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the upstream fix in PR #1167 confirms the issue and provides a sanitization routine.

Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5076 CRITICAL Act Now

Account takeover in the ARMember Premium WordPress plugin through version 7.3.1 stems from the plugin storing a plaintext password reset key in the `arm_reset_password_key` user meta field alongside WordPress core's properly hashed token. When chained with the companion SQL injection issues CVE-2026-5073/5074, an unauthenticated attacker can extract the plaintext key and invoke the plugin's `armrp` reset action to set a new password for any user, including administrators. No public exploit identified at time of analysis, though the chain is described in detail by Wordfence and the CVSS 9.8 rating reflects unauthenticated remote compromise.

SQLi WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-53209 CRITICAL Act Now

Privilege escalation in Themeisle Masteriyo LMS PRO (WordPress plugin) up to and including version 2.20.0 allows remote unauthenticated attackers to gain elevated privileges through incorrect privilege assignment (CWE-266). The CVSS 9.8 score reflects network-reachable, no-authentication exploitation with high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis, but the Patchstack advisory confirms the flaw class and affected version range.

Privilege Escalation Masteriyo Lms Pro
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8206 CRITICAL Act Now

Account takeover in the Kirki Freeform Page Builder WordPress plugin (versions 6.0.0 through 6.0.6) allows unauthenticated remote attackers to hijack any registered account, including administrators, by redirecting password reset links to attacker-controlled email addresses. The flaw stems from the plugin honoring an arbitrary email value supplied alongside a valid username in password reset requests, breaking the trust binding between account and recovery destination. No public exploit identified at time of analysis, but the trivial nature of the bug and Wordfence's published advisory make weaponization straightforward.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32625 CRITICAL Act Now

{VAR} placeholders against the host process environment, so attacker-controlled MCP URLs cause the LibreChat backend to transmit CREDS_KEY, CREDS_IV, JWT_SECRET, and MONGO_URI to an attacker-controlled host. No public exploit identified at time of analysis, and the issue is fixed in 0.8.4-rc1.

Information Disclosure Librechat
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10619 MEDIUM POC This Month

Authentication bypass in sayan365's Student Management System exposes multiple protected endpoints to remote unauthenticated attackers, allowing unauthorized access to application functionality across the entire codebase up to commit 7f3c9ce7d410332335c2affac93a385485051800. The CVSS 4.0 vector confirms trivial, unauthenticated network exploitation (AV:N/AC:L/AT:N/PR:N/UI:N), and publicly available exploit code exists per the E:P maturity modifier and GitHub issue #4. The maintainer has not responded to responsible disclosure, leaving no patch available and the exploit window open indefinitely.

Authentication Bypass Student Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-10617 MEDIUM POC This Month

Missing authentication in GoClaw's Webhook Verification Handler allows unauthenticated remote attackers to interact with webhook endpoints without valid credentials, affecting all versions up to and including 3.11.3. The flaw resides in the `resolveAuth` function within `internal/http/auth.go`, where the authentication check can be bypassed entirely. A publicly available exploit has been disclosed (GitHub issue #1134), and the project acknowledges the issue as a bug; no confirmed patched release has been identified at time of analysis.

Authentication Bypass Goclaw
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-10650 MEDIUM POC PATCH This Month

Unbounded memory allocation in warmcat libwebsockets up to 4.5.8 allows remote unauthenticated attackers to exhaust server heap resources by sending SSH packets with a crafted oversized `msg_len` value, resulting in denial of service. The vulnerability is confined to deployments using the optional SSH server plugin (`protocol_lws_ssh_base`) and carries a CVSS 5.3 Medium rating with no confidentiality or integrity impact. A public proof-of-concept exploit exists and the CVSS temporal vector confirms exploit availability (E:P) and an official patch (RL:O); no CISA KEV listing indicates no confirmed widespread in-the-wild exploitation as of the analysis date.

Denial Of Service Libwebsockets Red Hat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-10620 MEDIUM POC This Month

SQL injection in code-projects Student Admission System 1.0 allows remote unauthenticated attackers to manipulate the 'eid' and 'did' parameters in /index.php to inject arbitrary SQL queries. Publicly available exploit code exists (referenced via GitHub issue tracker), increasing the likelihood of opportunistic attacks against exposed deployments. The vulnerability carries a CVSS 3.1 base score of 7.3, with low impact across confidentiality, integrity, and availability, but no special prerequisites for exploitation.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-34906 CRITICAL Act Now

Remote code execution in Wirtualna Uczelnia (versions up to wu#2016.437.295#0#20260327_105545) allows unauthenticated network attackers to execute arbitrary commands via Server-Side Template Injection in the redirectToUrl endpoint's redirectUrlParameter. The CVSS 4.0 base score of 9.3 reflects no authentication, no user interaction, and high impact across confidentiality, integrity, and availability; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV. Disclosure originated from CERT-PL, indicating a vetted advisory channel for this Polish academic management product.

Ssti RCE
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-47117 CRITICAL PATCH GHSA Act Now

Remote code execution in OpenMed before 1.5.2 allows unauthenticated attackers to execute arbitrary Python code on the OpenMed service by abusing broad substring matching in the PII privacy-filter model dispatcher to load attacker-controlled Hugging Face repositories with trust_remote_code=True. The flaw, reported by VulnCheck and tracked as CWE-94 (Code Injection), carries a CVSS 4.0 score of 9.3 and a vendor-released patch is available; no public exploit identified at time of analysis.

RCE Code Injection Openmed
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-42849 CRITICAL PATCH Act Now

Cross-site scripting in authentik identity provider versions prior to 2025.12.5 and 2026.2.3 allows remote attackers to execute arbitrary JavaScript in a victim's browser by abusing the AutosubmitStage within the Simple Flow Executor (SFE). With a CVSS of 9.3 reflecting scope change and high impact to confidentiality/integrity, exploitation enables session hijacking against an identity provider, but no public exploit identified at time of analysis.

XSS Authentik
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-42684 CRITICAL Act Now

Blind SQL injection in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote unauthenticated attackers to manipulate backend database queries by sending crafted input to vulnerable parameters. The flaw carries a CVSS 9.3 rating due to network-reachable, no-privileges, no-user-interaction exploitation with scope change, and no public exploit code has been identified at time of analysis. The vulnerability was reported through Patchstack's WordPress security program, with no CISA KEV listing.

SQLi Wp Job Portal
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-0611 CRITICAL PATCH Act Now

Unauthenticated remote code execution in Spacelabs Healthcare Sentinel (versions 10.5.x and 11.x prior to 11.6.0) allows network attackers to drop ASPX webshells into the IIS wwwroot via a legacy .NET Remoting HTTP channel on TCP/8989. The flaw stems from missing authentication (CWE-306) on a deprecated Microsoft remoting endpoint, and while a vendor patch is available, no public exploit identified at time of analysis. Exploitation requires that port 8989 has been deliberately exposed to the network, since it is not reachable in default Sentinel deployments.

RCE Authentication Bypass Sentinel
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-1829 HIGH This Week

Remote code execution in the Content Visibility for Divi Builder WordPress plugin (versions ≤ 4.02) allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP on the server by abusing the 'cvdb_content_visibility_check' parameter of the 'et_pb_text' shortcode. The flaw is a CWE-94 code injection issue disclosed by Wordfence and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

RCE WordPress Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-30650 HIGH This Week

Remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows authenticated attackers to gain root-level command execution by triggering a buffer overflow in the /cgi-bin/admin/eventtask.cgi admin endpoint. Publicly available exploit code exists in a GitHub research repository, though EPSS scoring (0.09%, 25th percentile) suggests low observed exploitation activity and the CVE is not listed in CISA KEV.

Buffer Overflow RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7195 HIGH PATCH This Week

Account compromise in Progress Sitefinity CMS (14.1.x-15.4.x prior to the May 2026 fix train) allows a remote unauthenticated attacker to violate the integrity and confidentiality of user accounts when an administrator runs a non-default site configuration and a victim is induced to interact with attacker-controlled content. The flaw is rooted in improper input validation (CWE-20) in Sitefinity's web services and carries a high CVSS of 8.8, but no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Sitefinity
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-30652 HIGH This Week

Authenticated remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows attackers with valid admin-interface credentials to overflow a buffer in the /cgi-bin/dido/setdo.cgi endpoint and execute arbitrary code as root. No public exploit identified at time of analysis, though a vulnerability research repository on GitHub describes the issue, and EPSS estimates exploitation probability at 0.05% (17th percentile), suggesting low broad-scale exploitation interest despite the high CVSS 8.8 score.

Buffer Overflow RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-4992 HIGH This Week

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Infinity Acute Care System Standalone Infinity M540 Patient Monitor
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-7201 HIGH PATCH This Week

Authenticated account takeover in Progress Sitefinity 15.2.x, 15.3.x, and 15.4.x allows a low-privileged remote user to modify account properties belonging to other users - including potentially higher-privileged accounts - by manipulating user-controlled identifiers in web service requests. The flaw is an IDOR-style authorization bypass (CWE-639) and, while no public exploit has been identified at time of analysis, the 8.8 CVSS rating reflects realistic escalation to account compromise once a foothold exists. No vendor-released patch data, KEV listing, or EPSS score was supplied with this advisory.

Authentication Bypass Sitefinity
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-49443 HIGH PATCH This Week

Authentication bypass in authentik identity provider versions prior to 2025.12.6, 2026.2.4, and 2026.5.1 allows a low-privileged attacker who can modify a source connection and holds an account in one of the configured external sources to log into any account on the system. The flaw (CWE-287) carries a CVSS 8.8 rating with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Authentik
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2019-25719 HIGH This Week

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-1784 HIGH This Week

HAProxy configuration injection in Red Hat OpenShift Container Platform 4 allows a low-privileged tenant with permission to create or modify Route resources to inject controlled directives into the cluster ingress configuration via the spec.path field. No public exploit identified at time of analysis, but the CVSS 8.8 score with scope change (S:C) reflects the ability to break out of the tenant boundary and impact the shared HAProxy router serving the entire cluster.

Code Injection Red Hat Openshift Container Platform 4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9844 HIGH This Week

Default credential exposure in Roche Diagnostics navify Digital Pathology (versions 2.0.0 through 2.4.0) lets remote unauthenticated attackers log into the embedded RabbitMQ Management interface using factory-shipped usernames and passwords. CVSS 4.0 rates the issue 8.8 with network attack vector and no privileges required, and no public exploit identified at time of analysis. Successful access exposes message-broker administration, enabling data interception, queue manipulation, and downstream tampering with pathology workflows.

Information Disclosure
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-53345 HIGH This Week

Privilege-bound arbitrary code execution in ThimPress Thim Core (WordPress plugin) versions through 2.3.3 allows authenticated low-privilege users to bypass authorization checks and execute arbitrary code on affected sites, per Patchstack's advisory tagging this as an authentication bypass leading to RCE. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability with low attack complexity over the network. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Thim Core
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-14036 HIGH PATCH This Week

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Core M540 Converter Service
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-7313 HIGH PATCH This Week

Credential exposure in Progress Sitefinity versions 8.0.5700 through 13.3.7652 allows authenticated back-end users to retrieve plain-text credentials used by the CMS to connect to the Sitefinity Insight analytics service. The CVSS 3.1 score of 8.7 with scope change (S:C) reflects that stolen Insight credentials can pivot into an adjacent system beyond the CMS itself. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; EPSS data was not provided in the input.

Information Disclosure Sitefinity
NVD VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-10591 HIGH PATCH This Week

Arbitrary command execution in Amazon Kiro IDE versions prior to 0.11 allows remote attackers to plant malicious task definitions (e.g., .vscode/tasks.json) via the IDE's file write tool, which then auto-execute when a developer opens the affected workspace folder. The CVSS 4.0 score of 8.6 reflects network-reachable abuse with high confidentiality, integrity, and availability impact contingent on a single user action (folder open). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Kiro Ide
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-10047 HIGH This Week

Out-of-bounds write in the Bitdefender Napoca bare-metal hypervisor allows a low-privileged guest to corrupt hypervisor heap memory via crafted SS:SP register values processed by the real-mode hook handler. The flaw, tracked as EUVD-2026-33944 and reported by Bitdefender itself, affects an end-of-life product with no public exploit identified at time of analysis. Successful exploitation breaks the guest-to-hypervisor boundary, yielding total compromise of confidentiality, integrity, and availability of the host hypervisor.

Memory Corruption Buffer Overflow Napoca Bare Metal Hypervisor
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-10046 HIGH This Week

Out-of-bounds heap write in the Bitdefender Napoca bare-metal hypervisor lets a malicious guest VM operating in real mode corrupt hypervisor memory through a crafted INT 0x15/E820 BIOS call, potentially enabling guest-to-host escape. The flaw resides in napoca/guests/bios_handlers.c, which computes a write offset from attacker-controlled ES:EDI register values without bounds checking against the 1MB RealModeMemory buffer. No public exploit identified at time of analysis, and CISA SSVC classifies exploitation status as 'none' - but the product is end-of-life and unsupported, raising the long-term risk profile.

Memory Corruption Buffer Overflow Napoca Bare Metal Hypervisor
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-5385 HIGH PATCH This Week

Stored cross-site scripting in GLPI before 11.0.7 allows an attacker with write access to the knowledge base to embed a persistent XSS payload that executes in the browsers of users who later view the affected knowledge base item. The flaw was reported by Fluid Attacks and is rated High severity (CVSS 8.4) by the vendor, who shipped a fix in the 11.0.7 security release; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

XSS Glpi
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-8036 HIGH This Week

Local privilege escalation in National Instruments NI-PAL versions 26.3.0 and earlier on Windows and Linux allows authenticated low-privileged users to read arbitrary system memory through improper input validation, potentially leading to full privilege escalation. CVSS 4.0 base score is 8.4 (High) reflecting the local attack vector but high confidentiality and integrity impact. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Privilege Escalation Microsoft
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2021-4481 HIGH PATCH This Week

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Privilege Escalation Protector Software
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2021-4480 HIGH PATCH This Week

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Privilege Escalation Protector Software
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2021-4478 HIGH PATCH This Week

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cc Vision Basic Cc Vision E Cal
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-10611 HIGH This Week

OTP authentication bypass in MISP affects deployments where LdapAuth.mixedAuth=true is combined with Security.require_otp=true, allowing attackers with valid LDAP (or other plugin) credentials to skip the mandatory second factor. Because the plugin-driven login establishes the session during the AppController beforeFilter phase, an attacker can authenticate, ignore the /users/otp challenge page, and browse directly to any authorized application URL as the victim. No public exploit identified at time of analysis, though the upstream commit clearly documents the bypass technique.

Authentication Bypass Misp
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-28299 HIGH This Week

Denial-of-service in SolarWinds Web Help Desk allows remote unauthenticated attackers to crash the server by exhausting available memory. The flaw is network-reachable with low attack complexity and requires no privileges or user interaction (CVSS 8.2), and no public exploit identified at time of analysis. The issue was reported by SolarWinds and addressed in the Web Help Desk 2026.2 release.

Denial Of Service Web Help Desk
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-10622 HIGH PATCH This Week

Authentication bypass in Collibra Platform's REST API allows remote unauthenticated attackers to reach privileged functionality through exposed '/rest/*' endpoints across multiple SaaS and on-premises release trains. The flaw carries a CVSS 8.2 (high) score reflecting network-reachable, no-privilege exploitation with high confidentiality impact, and no public exploit identified at time of analysis. A vendor patch has been issued across all affected branches, and reporting via CERT/CC (VU#873170) indicates coordinated disclosure rather than active exploitation.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy