Skip to main content
CVE-2025-14772 HIGH CISA This Week

Authorization bypass in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to access or modify resources belonging to other users by manipulating user-controlled identifiers (IDOR). The flaw scores CVSS 7.3 with high impact to integrity and availability, and no public exploit identified at time of analysis. The vulnerability was reported by the vendor (ABB) itself, indicating coordinated disclosure rather than incident-driven discovery.

Abb Authentication Bypass
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-36611 HIGH This Week

Information disclosure in Mercusys AC12G (EU) V1 router firmware AC12G(EU)_V1_200909 leaks 128 bytes of uninitialized memory when the UPnP service on port 1900 receives POST requests lacking a SOAPAction header, enabling unauthenticated adjacent-network attackers to harvest internal buffer contents. The flaw is rated CVSS 7.3 (low impact across CIA), and no public exploit identified at time of analysis, though the referenced GitHub advisory documents the issue with reproduction details.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-36609 HIGH This Week

Authentication token recovery in Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909 allows network-based attackers to decrypt captured login credentials and recover plaintext administrator passwords. The flaw stems from a static authentication nonce that never rotates for requests originating from the same source IP, combined with a weak XOR-based password encoding routine (securityEncode). A public advisory exists on GitHub, but no public exploit code or active exploitation has been identified at the time of analysis.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-46250 HIGH PATCH This Week

Denial of service in the Linux kernel's MIPS architecture support affects builds compiled with LLVM/Clang versions 18 through 21, where the compiler incorrectly restores the $gp global register variable in the relocate_kernel() epilogue. The result is that __current_thread_info points to the unrelocated kernel address space, causing an immediate NULL-pointer dereference in init_idle during early boot and a panic before userspace ever starts. No public exploit identified at time of analysis, EPSS is very low (0.02%), and the issue is a boot-time crash rather than a remotely triggerable flaw.

Denial Of Service Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-8876 HIGH This Week

Hardcoded cryptographic secrets in Securly Chrome Extension version 3.0.7 allow remote attackers to decrypt sensitive crisis alert keyword lists and intervention site data shipped with the extension. The plaintext AES passphrases embedded in securly.min.js can be extracted by anyone who installs or inspects the extension, exposing the proprietary detection logic used to safeguard students. No public exploit has been identified at time of analysis, and EPSS rates exploitation probability at 0.02% (4th percentile), but the trivial extractability of the keys means any motivated actor can replicate the disclosure.

Google Authentication Bypass Chrome
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-9334 HIGH PATCH This Week

Type confusion in Cpanel::JSON::XS (Perl) versions before 4.41 allows remote attackers to crash a decoder by submitting JSON with duplicate object keys when the dupkeys_as_arrayref option is enabled. The decode_hv() routine dereferences a scalar as a reference before verifying its type, turning attacker-controlled scalar contents into a wild pointer access. No public exploit identified at time of analysis; EPSS is 0.02% and CISA SSVC marks exploitation as 'none' but automatable with partial technical impact.

Denial Of Service Memory Corruption Cpanel
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-50033 HIGH PATCH This Week

Local privilege escalation in Acronis DeviceLock DLP for Windows (builds prior to 9.0.15051.93227) enables a low-privileged local user to execute code in a higher-privileged context by abusing insecure DLL search behavior. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the combination of low complexity and a security product as the target makes it a credible insider/post-compromise risk. Exploitation requires local access plus user interaction, which limits drive-by mass abuse.

Microsoft Privilege Escalation
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-44682 HIGH PATCH This Week

Local privilege escalation in Acronis DeviceLock DLP for Windows (builds prior to 9.0.15051.93227) enables an authenticated low-privileged user to execute code in a higher-privileged context by abusing uncontrolled DLL search path loading. Exploitation requires local access plus user interaction, and at the time of analysis no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The vendor (Acronis PSIRT) has published advisory SEC-11249 with a fixed build.

Microsoft Privilege Escalation
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-44609 HIGH PATCH This Week

Local privilege escalation in Acronis DeviceLock DLP for Windows (builds prior to 9.0.15051.93227) allows a low-privileged local user to hijack the execution of a trusted DeviceLock executable and run arbitrary code with elevated rights. The flaw is rooted in CWE-427 (Uncontrolled Search Path Element), commonly seen when an application loads a binary from a writable or attacker-controllable location. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Microsoft Privilege Escalation
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-42061 HIGH PATCH This Week

Local privilege escalation in Acronis DeviceLock DLP for Windows before build 9.0.15051.93227 allows a low-privileged authenticated user to gain elevated privileges by abusing excessive permissions inherited by child processes spawned by the agent. With CVSS 7.3 and a high impact across confidentiality, integrity, and availability, successful exploitation requires user interaction and local access, and no public exploit identified at time of analysis.

Microsoft Privilege Escalation
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-41259 HIGH PATCH This Week

Local privilege escalation in SWUpdate versions before 2026.05 allows unprivileged users to gain root or install attacker-controlled content by winning a TOCTOU race during processing of a signed update. The flaw, reported by SBA Research and tracked as EUVD-2025-210052, undermines SWUpdate's signed-update integrity model on embedded Linux devices. No public exploit identified at time of analysis, but an upstream patch is available via commit f4bd6426.

Privilege Escalation Swupdate
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-35080 HIGH This Week

Arbitrary file deletion in MBS GmbH universal gateway (UGW) products allows authenticated remote users to remove files on the device through the ugw-restoreinfo method, which fails to validate user-controlled path input (CWE-73). The flaw, reported by CERT@VDE and tracked under VDE-2026-039, affects the Single-A, Double-A (Profibus/X-Link), Single-X, and Double-X (CAN/DALI/KNX/LON/M-Bus/Profinet) fieldbus gateway product lines used in industrial and building automation. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Single A Double A Profibus Double A X Link Single X +14
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-35079 HIGH This Week

Arbitrary file deletion in MBS Universal Gateway (UGW) products allows authenticated remote attackers with low-privilege user accounts to delete arbitrary files on the device by abusing the ugw-restore method, which fails to validate user-controlled path input. The vulnerability affects multiple MBS gateway variants (Single-A, Double-A Profibus/X-Link, Single-X, and Double-X CAN/DALI/KNX/LON/M-Bus/Profinet bridges) used in industrial fieldbus integration. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Single A Double A Profibus Double A X Link Single X +14
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-35078 HIGH This Week

Arbitrary file deletion in MBS Universal Gateway (UGW) product line allows authenticated remote attackers to delete local files on the device via the ugw-logstop method, which fails to validate user-supplied path input. The flaw affects MBS Single-A, Double-A (Profibus, X-link), Single-X, and Double-X (CAN, DALI, KNX, LON, M-Bus, Profinet) industrial protocol gateways. No public exploit identified at time of analysis, but the low-complexity, low-privilege attack profile makes this a credible threat to availability of industrial control system gateways.

Information Disclosure Single A Double A Profibus Double A X Link Single X +14
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-35077 HIGH This Week

Arbitrary file deletion in MBS Universal Gateway (UGW) product family allows authenticated remote attackers to remove any file on the device filesystem by abusing the ugw-delete-file method, which fails to validate user-controlled path input (CWE-73). With CVSS 4.0 score 7.2 and PR:L, exploitation requires only a low-privileged account, and successful abuse impacts integrity and availability of the gateway (VI:H/VA:H). No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Single A Double A Profibus Double A X Link Single X +14
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-35076 HIGH This Week

Arbitrary file deletion in MBS GmbH industrial gateway products (single-a, double-a, single-x, double-x variants across Profibus, Profinet, KNX, LON, M-Bus, DALI, CAN, and X-Link protocols) allows authenticated remote attackers to remove arbitrary files on the device via the bac-scanresult method, which fails to validate user-controlled path input. Reported by CERTVDE under advisory VDE-2026-039, no public exploit identified at time of analysis. The CVSS 4.0 score of 7.2 reflects high integrity and availability impact achievable with only low-privileged user credentials.

Information Disclosure Single A Double A Profibus Double A X Link Single X +14
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-35081 HIGH This Week

Privilege escalation / denial of service in MBS Universal Gateway (UGW) product family allows an authenticated low-privileged remote user to terminate arbitrary processes on the device via the ugw-logstop method, which fails to validate user-supplied input. No public exploit identified at time of analysis, but the bug affects a broad set of MBS industrial protocol gateways (Single-A, Double-A Profibus/X-Link, Single-X, Double-X CAN/DALI/KNX/LON/M-Bus/Profinet) used in building and industrial automation. CVSS 4.0 base is 7.2 reflecting High integrity and availability impact with only low privileges required.

Information Disclosure Single A Double A Profibus Double A X Link Single X +14
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-14773 HIGH CISA This Week

Stored/reflected cross-site scripting in ABB T-MAC Plus version 4.0-24 allows authenticated low-privileged attackers to inject malicious script content into the web management interface, which executes in the browsers of other users who interact with the affected pages. With a CVSS 4.0 base score of 7.2 and no public exploit identified at time of analysis, the flaw is notable because successful exploitation impacts both the vulnerable component and downstream subsequent systems with high integrity and availability consequences, reflecting the operational-technology context typical of ABB industrial products.

XSS Abb
NVD VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-14774 HIGH CISA This Week

Authorization bypass in ABB T-MAC Plus version 4.0-24 allows adjacent-network attackers to perform unauthorized actions that compromise device integrity and availability without any credentials or user interaction. The flaw is an incorrect authorization weakness (CWE-863) carrying a CVSS 4.0 score of 7.2, and no public exploit identified at time of analysis. ABB itself disclosed the issue and published an advisory describing the affected firmware.

Abb Authentication Bypass
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-47214 HIGH PATCH GHSA This Week

Path traversal and SSRF in Docling's HTML backend allow attackers to coerce the document processor into reading local files, contacting internal network resources, and consuming unbounded resources when a crafted HTML document is processed with non-default fetch flags enabled. The flaw affects the docling Python package prior to 2.94.0 and stems from missing validation of file:// URIs, relative/absolute paths, HTTP redirects, and download sizes; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Path Traversal SSRF
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-15654 HIGH This Week

Reflected cross-site scripting in Fox-themes Prague (WordPress theme/plugin family) through version 2.2.8 lets a remote attacker inject script that executes in a victim's browser when the victim clicks an attacker-crafted link. The flaw was disclosed via Patchstack and carries a CVSS 7.1 (scope-changed) rating; no public exploit identified at time of analysis and the issue is not on CISA KEV.

XSS Prague
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2019-25720 HIGH This Week

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sc 6002Xl Sc6802Xl Sc 7000 Sc8000 +1
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-44018 HIGH PATCH GHSA This Week

Local file disclosure and denial of service in the Docling document-conversion library (Python pip package, versions 2.45.0 up to 2.91.0) stem from its METS-GBS backend parsing XML and extracting archives without security controls. A maliciously crafted METS-GBS archive processed by Docling can trigger XML External Entity (XXE) resolution to read sensitive local files, or use decompression/zip bombs and unbounded tar extraction to exhaust memory and disk. EPSS is very low (0.01%, 3rd percentile) and there is no public exploit identified at time of analysis; exploitation requires a victim application to process attacker-supplied input.

Denial Of Service XXE
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-8874 HIGH PATCH This Week

Cleartext transmission in Securly Chrome Extension version 3.0.7 exposes crisis alert keyword lists and content filtering rules to adjacent network attackers because the extension fetches these JSON configuration files over plaintext HTTP while other endpoints in the same extension correctly use HTTPS. An adjacent attacker on the same network segment can intercept or tamper with the filtering policy data, undermining the safety controls Securly is meant to enforce on managed Chromebooks. No public exploit identified at time of analysis and EPSS is very low at 0.01%, but a vendor patch is available.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-36606 HIGH This Week

Credential disclosure in Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909 allows recovery of plaintext admin, WiFi, and DDNS credentials from configuration backup files. The device encrypts backups with a hardcoded single-DES key in ECB mode, meaning anyone who obtains the backup file can trivially decrypt it. No public exploit identified at time of analysis, though a third-party advisory write-up exists on GitHub describing the cryptographic flaw.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42317 HIGH PATCH This Week

Arbitrary file deletion in GLPI versions 0.78 through 10.0.24 and 11.0.0 through 11.0.6 allows authenticated technicians to remove any file on the webserver filesystem to which the web process has write permissions. The flaw is tracked as a missing authorization issue (CWE-862) and is tagged as an authentication bypass; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Glpi
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-42318 HIGH PATCH This Week

Unauthorized object deletion in GLPI versions 9.5.0 through 10.0.24 and 11.0.0 through 11.0.6 allows authenticated low-privilege users with planning access to delete arbitrary objects across the asset and IT management platform. The flaw stems from a missing authorization check (CWE-862) tied to the planning module, and no public exploit identified at time of analysis. Patches are available in 10.0.25 and 11.0.7.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-44281 HIGH PATCH This Week

Authorization bypass in GLPI IT asset management software (versions 0.78 through 10.0.24 and 11.0.0 through 11.0.6) permits an authenticated user holding only the config READ permission to access a specific asset object that should be outside their authorization scope. No public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as 'none' with partial technical impact. Vendor patches are available in 10.0.25 and 11.0.7.

Authentication Bypass Glpi
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy