Skip to main content
CVE-2025-53440 HIGH This Week

Local File Inclusion in Axiomthemes Confidant WordPress theme (versions up to and including 1.4) allows remote unauthenticated attackers to include arbitrary local PHP files on the server, potentially leading to sensitive information disclosure and code execution. The vulnerability is reported by Patchstack with a CVSS 8.1 (High) rating; no public exploit identified at time of analysis and the CVE is not present in CISA KEV. The high attack complexity (AC:H) suggests exploitation requires specific conditions to be met, despite the network-reachable, no-auth attack surface.

LFI Information Disclosure PHP
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-35482 HIGH This Week

Sandbox escape in alf.io ticket reservation system prior to version 2.0-M5-2606 allows an authenticated administrator to break out of the Rhino JavaScript extension engine and execute arbitrary OS commands on the host. The flaw stems from an unguarded injected `returnClass` Java object combined with an incomplete AST blocklist, enabling reflection-based escape without triggering validation. No public exploit identified at time of analysis, but the vendor advisory (GHSA-3w8f-mcf6-cm7h) confirms the issue and a patched release is available.

Java Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-33245 HIGH PATCH GHSA This Week

Client-side cross-site scripting in React Router 7.7.0 through 7.13.1 allows remote attackers to execute arbitrary script in a victim's browser when the application uses the unstable React Server Components (RSC) APIs and processes redirects originating from untrusted sources. The flaw is patched in 7.13.2; no public exploit identified at time of analysis and the vulnerability does not affect deployments that do not opt into the RSC APIs.

XSS React Router Red Hat
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-24237 HIGH This Week

Local code execution in NVIDIA NVTabular allows a low-privileged attacker to abuse insecure deserialization of untrusted data, potentially leading to arbitrary code execution, data tampering, and information disclosure on the host running the library. The flaw carries a CVSS 7.8 (High) rating with confidentiality, integrity, and availability all marked High, and currently no public exploit identified at time of analysis. NVTabular is a tabular feature-engineering library used in recommender-system pipelines, so the practical blast radius is data-science workstations and ML training nodes.

Nvidia RCE Deserialization Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24221 HIGH This Week

Local code execution in NVIDIA NVTabular allows an authenticated low-privileged user to abuse improper deserialization of untrusted data to run arbitrary code, tamper with data, and disclose sensitive information. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a local attack vector with low complexity and low privileges; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Nvidia RCE Deserialization Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40715 HIGH PATCH This Week

Local privilege escalation in Dell ThinOS 10 versions prior to ThinOS10 2602_10.0765 allows a low-privileged user with local access to elevate to higher privileges due to improper access control (CWE-284). The CVSS 3.1 base score of 7.8 reflects high impact on confidentiality, integrity, and availability, though exploitation requires existing local foothold. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Dell Privilege Escalation Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40619 HIGH This Week

Local credential exposure in Genetec Security Center main server installations allows an attacker with local OS privileges on the main server host to retrieve Server Admin credentials, enabling escalation to full Security Center administrative control. The flaw is tied to specific vulnerable installer builds rather than version numbers, meaning hosts running 5.10.4.0, 5.11.3.0, 5.12.2.0 or 5.13.3.0 may or may not be vulnerable depending on the installation package hash. No public exploit identified at time of analysis and no evidence of active exploitation per the vendor advisory.

Information Disclosure Genetec Security Center
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3514 HIGH PATCH GHSA This Week

Authentication bypass in prefecthq/prefect 3.6.19 allows remote unauthenticated attackers to access sensitive API endpoints by naming resources with paths ending in 'health' or 'ready', exploiting overly broad suffix-matching in the auth middleware exemption logic. Confirmed exploitable per the huntr.com bounty disclosure and validated by the upstream patch which replaces suffix matching with exact path comparison. No public exploit identified at time of analysis, and no EPSS or KEV signal is provided in the available data.

Authentication Bypass Prefecthq Prefect
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2026-10621 HIGH PATCH This Week

Arbitrary file write in Collibra Agent's restore handler allows remote unauthenticated attackers to drop files outside the intended extraction directory by submitting a crafted ZIP archive that abuses unsanitized path entries during extraction. The flaw affects multiple Collibra Platform SaaS and on-premises release trains and carries a CVSS 3.1 score of 7.5 (integrity-only impact). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV, but a vendor patch is available.

Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42504 HIGH PATCH This Week

Algorithmic complexity denial of service in the Go standard library's mime package allows remote unauthenticated attackers to consume excessive CPU by submitting MIME headers containing many invalid encoded-words. Affected Go releases include mime versions before 1.25.11 and 1.26.0-0 through versions prior to 1.26.4, with a patch available from upstream Go. EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis, but the network-reachable, no-auth attack surface makes this relevant for any Go service that parses untrusted MIME input.

Information Disclosure Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-10701 HIGH PATCH This Week

Information disclosure in Mozilla Firefox prior to 151.0.3 allows remote attackers to read out-of-bounds memory via the Graphics: Text component when processing crafted content. The flaw stems from incorrect boundary conditions (CWE-119) in text rendering and can be triggered without user authentication, though no public exploit has been identified and EPSS scores it at just 0.02% likelihood of exploitation.

Buffer Overflow Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42670 HIGH This Week

Information disclosure in the Five Star Restaurant Reservations WordPress plugin (versions up to and including 2.7.14) allows unauthenticated remote attackers to bypass access control checks due to a missing authorization flaw (CWE-862). Patchstack characterizes the issue as a payment bypass vulnerability, meaning attackers can exercise restaurant reservation or payment-related functionality that should require proper authorization. No public exploit identified at time of analysis, and EPSS is very low (0.02%), suggesting it is not currently being mass-exploited.

Authentication Bypass Five Star Restaurant Reservations
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40780 HIGH PATCH This Week

Authentication bypass in Liquid Web / StellarWP BookIt WordPress plugin versions before 2.5.4.1 allows remote unauthenticated attackers to abuse the password recovery channel to take over accounts. The flaw maps to CWE-288 (alternate path/channel) and carries a CVSS 7.5 (high) integrity impact; no public exploit identified at time of analysis, though Patchstack has catalogued the issue for the WordPress ecosystem.

Authentication Bypass Bookit
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42669 HIGH This Week

Broken access control in the EventPrime WordPress plugin (versions up to and including 4.3.2.0) allows unauthenticated remote attackers to modify or tamper with data due to incorrectly configured access control security levels. The flaw, reported by Patchstack and tracked as CWE-862 (Missing Authorization), carries a CVSS 3.1 base score of 7.5 with an integrity-only impact; no public exploit identified at time of analysis.

Authentication Bypass Eventprime
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58024 HIGH This Week

Local file inclusion in the UnboundStudio Accordion FAQ WordPress plugin (versions up to and including 2.2.1) allows authenticated remote attackers to include and execute arbitrary PHP files from the server filesystem via improperly controlled include/require statements. The flaw, reported by Patchstack and tagged as LFI/Information Disclosure, can lead to full compromise of the WordPress instance through disclosure of sensitive configuration data (e.g., wp-config.php) and potential code execution if attacker-controlled files are reachable. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

LFI Information Disclosure PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64390 HIGH PATCH This Week

Sandbox escape in Sony PlayStation 4 firmware versions 13.00 through 13.02 allows attackers to break out of the BD-J (Blu-ray Disc Java) sandbox by supplying a malformed JAR file, leading to privilege escalation with full impact on confidentiality, integrity, and availability. The flaw, tracked via HackerOne report 3452696 and CWE-367 (TOCTOU race condition), is rated CVSS 7.4 because the local attack vector and high attack complexity offset the unauthenticated nature of the exploit. EPSS is 0.02% (5th percentile) and no public exploit identified at time of analysis.

Privilege Escalation Ps4
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-10629 HIGH This Week

Cleartext SIP signaling in Verizon's VoLTE/IMS infrastructure allows an on-path attacker positioned on the radio or core network to intercept and tamper with VoIP call signaling because IPsec integrity protection (Security-Client/Security-Server headers and ESP-protected traffic) is not enforced. The flaw, reported by CERT/CC and tracked as EUVD-2026-33945, affects an unspecified Verizon IMS deployment and enables disclosure of call metadata, caller identity spoofing, and signaling manipulation. There is no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Information Disclosure Volte
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-34993 HIGH PATCH GHSA This Week

Arbitrary code execution in the aiohttp Python framework (versions prior to 3.14.0) arises when CookieJar.load() deserializes an attacker-controlled file, classed as CWE-502 unsafe deserialization. An attacker who can plant or substitute the persisted cookie file and induce the application to load it gains code execution in the host process. There is no public exploit identified at time of analysis, EPSS is very low (0.06%), and CISA SSVC rates exploitation as none - consistent with the library's own note that the function is normally used on the user's own trusted data.

RCE Deserialization Python Aiohttp
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-30649 HIGH This Week

Remote code execution in VIVOTEK FD8136 network camera (firmware VVTK-0300a) is possible via a stack-based buffer overflow in the set_getparam.cgi component, reachable over the network without authentication. CVSS 7.3 reflects partial CIA impact, but the presence of public vulnerability-research artifacts on GitHub indicates publicly available exploit code exists, while EPSS remains low at 0.05% (17th percentile) and the issue is not currently listed in CISA KEV.

Buffer Overflow RCE Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2019-25722 HIGH This Week

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sc 6002Xl Sc6802Xl Sc 7000 Sc8000 +1
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-40108 HIGH This Week

Stored cross-site scripting in GLPI versions 11.0.0 through 11.0.6 allows an authenticated technician to persist a malicious payload inside ITIL cost records, which then executes in the browser of any user who later views the affected ticket or change. The flaw is fixed in 11.0.7 and there is no public exploit identified at time of analysis, but the high CVSS 4.0 score (7.1) reflects the broad confidentiality/integrity/availability impact on the victim's session once triggered.

XSS
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-31942 HIGH This Week

Cross-user API key overwrite in LibreChat versions up to and including 0.7.6 allows any authenticated user to replace another user's stored provider API keys (OpenAI, Anthropic, Azure) by injecting a userId parameter into PUT /api/keys requests. The flaw stems from an Insecure Direct Object Reference where the JavaScript spread operator overrides the server-set authenticated user ID, enabling conversation hijacking or denial of service. No public exploit identified at time of analysis, and the issue is fixed in 0.8.3-rc1.

Microsoft Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-1871 HIGH PATCH This Week

Denial of service in TP-Link Tapo C200 v5 IP cameras allows adjacent network attackers to crash the RTSP service and force a device reboot by sending a crafted Authorization header in an RTSP authentication request. The flaw is a stack-based buffer overflow (CWE-121) in the RTSP authentication handler; no public exploit identified at time of analysis, but vendor-acknowledged and patched firmware is available from TP-Link.

Buffer Overflow TP-Link Denial Of Service Stack Overflow
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2019-25724 HIGH This Week

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Infinity M300
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2019-25721 HIGH This Week

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Infinity M300
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-33398 HIGH This Week

Broken access control in NamelessMC 2.2.4 (Minecraft community website software) allows any low-privileged authenticated user to read posts from hidden, private, or staff-only forums by sending crafted requests to the get_quotes.php endpoint. The Forum module's quote helper only verifies that the caller is logged in and fails to enforce forum/topic visibility ACLs that the normal topic view does enforce. No public exploit identified at time of analysis, but the issue is trivial to weaponize given an account on the affected site.

PHP Authentication Bypass Nameless
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-42654 HIGH This Week

Authentication bypass in the WP Swings Wallet System for WooCommerce plugin (versions up to and including 2.7.5) allows an authenticated low-privileged attacker to abuse the password recovery flow as an alternate channel to take over other accounts. Successful exploitation yields high impact to integrity (account/wallet compromise) with limited confidentiality exposure, and no public exploit has been identified at time of analysis.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42685 HIGH This Week

Reflected cross-site scripting in the WP Job Portal WordPress plugin (versions up to and including 2.5.1) allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser after they click a crafted link. The flaw has CVSS 7.1 elevated by scope change (S:C), meaning script execution can impact resources beyond the vulnerable component, such as the WordPress admin session. No public exploit identified at time of analysis and no CISA KEV listing.

XSS Wp Job Portal
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52759 HIGH This Week

Reflected cross-site scripting in the UnboundStudio Accordion FAQ WordPress plugin (versions through 2.2.1) allows remote attackers to execute arbitrary JavaScript in a victim's browser session by luring them to click a crafted link. The CVSS 7.1 score reflects scope change (S:C), meaning script execution can affect resources beyond the vulnerable component, such as the WordPress admin context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Accordion Faq
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-15653 HIGH PATCH This Week

Physical USB tampering against Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations allows an attacker with bedside access to compromise software integrity, alter therapy data, and pivot to connected networks or Dräger Service Connect. The flaw, disclosed by VulnCheck and tracked under CWE-668 (Exposure of Resource to Wrong Sphere), carries a CVSS 4.0 base score of 7.0 reflecting high impact across confidentiality, integrity, and availability of the device itself. There is no public exploit identified at time of analysis and no CISA KEV listing, but the medical-device context elevates patient-safety concern even at moderate technical severity.

Information Disclosure Zeus Ie Zeus Rs C500
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy