Skip to main content
CVE-2026-46440 CRITICAL PATCH GHSA Act Now

Credential brute-force exposure in Flowise prior to 3.1.2 allows remote unauthenticated attackers to perform unlimited password-guessing attacks against the checkBasicAuth endpoint, which lacks rate limiting and uses non-constant-time plaintext comparison against the FLOWISE_USERNAME and FLOWISE_PASSWORD environment variables. Successful exploitation grants full access to the Flowise LLM workflow builder. No public exploit identified at time of analysis, though the GHSA advisory documents the vulnerable code path in detail and EPSS sits at a low 0.04%.

Information Disclosure Flowise
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2021-47984 MEDIUM POC This Month

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47983 MEDIUM POC This Month

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47982 MEDIUM POC This Month

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42535 CRITICAL PATCH Act Now

Improper path handling in the mod_dav_fs module of Apache HTTP Server 2.4.67 and earlier permits a WebDAV content author to directly manipulate trusted DAV property databases, leading to integrity violations and child process crashes. With a CVSS of 9.1 (AV:N/AC:L/PR:N/UI:N) and SSVC technical impact rated 'total' with automatable=yes, the flaw is highly impactful, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Apache Suse Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-47252 CRITICAL PATCH GHSA Act Now

Code injection in the anyquery chrome_tabs plugin (and Brave/Edge/Safari variants) on macOS allows an authenticated SQL client to break out of an AppleScript URL property record and execute arbitrary `osascript` commands, including `do shell script` for OS-level command execution. The flaw affects anyquery 0.4.4 (commit 0abd460) and stems from unescaped string interpolation at plugins/chrome/tabs.go:141 and :169. Publicly available exploit code exists in the GHSA advisory (GHSA-hrj8-hjv8-mgwc), though no public exploit identified at time of analysis in mass-exploitation feeds and KEV does not list it.

Command Injection Code Injection Google RCE Apple +2
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-11393 HIGH PATCH This Week

Remote code execution in AWS AgentCore CLI before v0.14.2 allows authenticated attackers to inject Python code via crafted collaborationInstruction strings stored on Bedrock Agent collaborators. When another user in the same AWS account imports the agent, the malicious triple-quote payload breaks out of the generated Python docstring and executes attacker-controlled code on AWS AgentCore Runtime under the imported agent's IAM execution role, as well as on the importing user's local environment. No public exploit identified at time of analysis, but the cross-user, cross-environment scope and 9.0 CVSS rating make this a high-priority patch.

Python Code Injection RCE
NVD GitHub
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-46656 HIGH PATCH This Week

Broken access control in Bludit CMS versions prior to 3.22.0 allows deleted user accounts to retain full authenticated access through pre-existing 'Ghost Sessions' that are never invalidated upon account removal. An authenticated attacker whose account is subsequently revoked can continue performing privileged operations until the session naturally expires. No public exploit identified at time of analysis, though the fix commit on GitHub publicly discloses the exact root cause.

Authentication Bypass Bludit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25558 MEDIUM POC This Month

Stored cross-site scripting in QloApps through 1.7.0 enables authenticated administrators to inject persistent JavaScript into the application by uploading SVG files containing malicious event handlers (e.g., onload) via the admin file manager. Any user who subsequently views the uploaded file triggers the embedded script in their browser, crossing a security boundary (S:C) from the admin upload context into arbitrary victim sessions. Publicly available exploit code exists per VulnCheck and a linked GitHub issue; no active exploitation has been confirmed by CISA KEV.

XSS Qloapps
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-9506 HIGH This Week

Arbitrary file read in Bagisto v2.4.1 allows unauthenticated remote attackers to retrieve sensitive files outside the web root by injecting path traversal sequences into the filename parameter of the ImageCacheController. The CVSS 4.0 base score of 8.7 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality impact, and no public exploit identified at time of analysis.

Path Traversal Bagisto
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-11498 HIGH This Week

Stack-based buffer overflow in Tenda HG7, HG9, and HG10 ONT/router devices (firmware 300001138_en_xpon) allows authenticated remote attackers to corrupt memory by manipulating the funckey_transfer parameter sent to the /boaform/voip_other_set endpoint handled by the asp_voip_OtherSet function. Publicly available exploit code exists via a dedicated GitHub proof-of-concept repository, and the flaw scores CVSS 4.0 8.7 with full confidentiality, integrity, and availability impact. No public exploit identified in CISA KEV at time of analysis, but exposure of the Web Management Interface to untrusted networks materially raises real-world risk.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-49235 HIGH PATCH GHSA This Week

Denial of service in NLnet Labs Routinator allows remote attackers to crash the RPKI validator by serving a crafted Document Type Definition (DTD) inside RRDP repository content. Exploitation requires no authentication or user interaction (CVSS 4.0 8.7, VA:H), and no public exploit identified at time of analysis. A successful crash halts RPKI relying-party processing, which can degrade route origin validation for networks that depend on Routinator output.

Denial Of Service Routinator
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49232 HIGH This Week

Denial of service in NLnet Labs Routinator allows remote unauthenticated attackers to crash the daemon by opening a large number of HTTP or RTR connections, exhausting file descriptors and triggering an unrecoverable exit. Only deployments exposing the HTTP or RTR server to untrusted networks are affected. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Routinator
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-43973 HIGH PATCH This Week

Memory exhaustion denial of service in Ninenines Gun (Erlang HTTP client) versions 1.0.0 through 2.3.x allows a malicious or compromised HTTP/1.1 server to crash the entire BEAM node by sending an unterminated response. The gun_http module accumulates incoming bytes into a per-connection buffer without any size ceiling, and since BEAM imposes no default per-process heap limit, a single connection can consume all node memory. No public exploit identified at time of analysis, though the upstream patch and accompanying test cases publicly demonstrate the triggering server behavior.

Denial Of Service Gun
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-43974 HIGH PATCH This Week

Denial-of-service in the Erlang HTTP client library Ninenines gun (versions 2.0.0 through 2.3.x) lets a malicious or compromised HTTP/1.1 server force any gun client into raw protocol mode by returning an unsolicited 101 Switching Protocols response, after which the server can flood the client owner process with unbounded gun_data messages and exhaust BEAM VM memory. No public exploit identified at time of analysis, but the fix is trivial and the issue is reachable from any plain HTTP/1.1 request to an attacker-controlled host. CVSS 4.0 8.7 reflects the unauthenticated, network-reachable, high-availability-only impact.

Denial Of Service Gun
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-8833 HIGH PATCH This Week

Stored/reflected cross-site scripting in Checkmk monitoring platform versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 releases allows authenticated users to bypass URL validation by leveraging HTML-encoded characters, enabling injection of javascript: URIs that execute in another user's browser session. The CVSS 4.0 score of 8.5 reflects the high impact on confidentiality, integrity, and availability when a victim interacts with a crafted link, though no public exploit identified at time of analysis and the issue requires both low-privilege authentication and user interaction.

XSS Checkmk
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-8913 HIGH PATCH This Week

Authenticated command injection in the TP-Link Archer MR600 v5 router allows administrators on the adjacent network to execute arbitrary OS commands via the WireGuard client configuration in the web management interface. The flaw stems from improper neutralization of user-controlled input when configuration changes are applied, enabling full device compromise. No public exploit identified at time of analysis, but TP-Link has released a firmware patch.

Command Injection Archer Mr600 V5
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2026-7186 HIGH PATCH This Week

Stored cross-site scripting in Checkmk monitoring platform allows a low-privileged user with dashboard editing rights to embed a javascript: URI inside the URL dashboard widget, which then executes in the browser of any other user viewing that dashboard. The flaw affects Checkmk versions prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 releases, and carries a CVSS 4.0 score of 8.5 due to the high confidentiality and integrity impact achievable against higher-privileged operators. No public exploit identified at time of analysis, but the prerequisite (dashboard edit permission) is commonly granted to operations staff.

XSS Checkmk
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-46288 HIGH PATCH This Week

Use-after-free in the Linux kernel's Open Firmware (OF) device-tree unit test code (of_unittest_changeset) allows reads of freed memory when the unit test path executes. The flaw lives in selftest code (drivers/of/unittest.c) reachable only when CONFIG_OF_UNITTEST is built in and the test runs, making real-world impact narrow. EPSS is 0.02% (5th percentile) and there is no public exploit identified at time of analysis; the bug has been fixed upstream and backported to stable trees.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-49233 HIGH PATCH GHSA This Week

Path traversal in NLnet Labs Routinator allows remote attackers to escape the rsync cache directory by supplying rsync URIs whose module component contains '..' sequences, enabling read/write access across the entire Routinator rsync cache filesystem. The flaw is network-reachable and requires no authentication, and no public exploit identified at time of analysis. CVSS 4.0 of 8.3 reflects high integrity and availability impact with an attack requirement (AT:P) reducing it from critical.

Path Traversal Routinator
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-46307 HIGH PATCH This Week

Out-of-bounds array write in the Linux kernel's ath5k wireless driver allows a stray write of a -1 sentinel value into adjacent struct memory when ts_final_idx reaches 3 on Atheros 5212 chipsets. The kernel maintainers and the original reporter explicitly describe the impact as negligible, as the only field overwritten is info->status.ack_signal, with no public exploit identified at time of analysis and an EPSS score of 0.02% (7th percentile).

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9669 HIGH PATCH This Week

Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sending crafted bzip2 data when the application reuses the decompressor object after catching a prior OSError. The flaw stems from libbz2's internal state being left inconsistent after a decompression error, and reuse causes out-of-bounds writes to a stack buffer. No public exploit identified at time of analysis and the issue is not in CISA KEV; the practical impact is denial of service against Python services that process untrusted bzip2 streams.

Stack Overflow Buffer Overflow Cpython
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-49755 HIGH PATCH This Week

Memory exhaustion in wojtekmach Req (Elixir HTTP client) versions 0.1.0 through 0.6.0 allows attacker-controlled HTTP servers to crash the BEAM process via decompression-bomb response bodies. Because Req enabled automatic body decompression and archive decoding by default with no size caps, a sub-megabyte response advertising gzip/zip/tar content can expand to multiple gigabytes in memory. No public exploit identified at time of analysis, but the fix and root cause are documented in the upstream advisory GHSA-655f-mp8p-96gv.

Denial Of Service Req
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-49234 HIGH PATCH GHSA This Week

Denial of service in NLnet Labs Routinator (an RPKI Relying Party software) allows remote attackers to crash the daemon by sending a specifically crafted non-UTF-8 string in the select-asn query parameter to the /api/v1/origins HTTP endpoint. The flaw only impacts deployments that expose the API to untrusted networks, and no public exploit has been identified at time of analysis. CVSS 4.0 base score is 8.2 driven by high availability impact to both the vulnerable component and downstream RPKI consumers.

Denial Of Service Routinator
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-46303 HIGH PATCH This Week

Out-of-bounds disk read in the Linux kernel ISO 9660 filesystem (isofs) Rock Ridge handler allows narrow information disclosure when a crafted ISO image is mounted. The rock_continue() function trusted the CE continuation extent block number from the on-disk Rock Ridge record and passed it to sb_bread() without bounds checking against the volume size, so a malicious ISO can cause the kernel to read blocks belonging to an adjacent filesystem on the same block device and surface their contents through readlink() on SL sub-records. EPSS is 0.02%, no public exploit identified at time of analysis, and the issue is not on CISA KEV.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-47719 HIGH GHSA This Week

Server-side request forgery in FUXA SCADA/HMI server (npm package fuxa-server <= 1.1.14-1243) allows unauthenticated remote attackers to connect to the Socket.IO endpoint and coerce the server to issue arbitrary HTTP(S), OPC UA, or ODBC requests with response bodies echoed back to the caller. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-w86f-rf9w-h3x6 provides full handler-level reproduction details and the fix is shipped in release v1.3.2.

Oracle SSRF
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-46484 HIGH PATCH This Week

Authorization bypass in Headplane (the web UI for Headscale) prior to 0.6.3 and 0.7.0-beta.3 allows authenticated low-privilege users to escape the intended Headscale API endpoint via path traversal sequences embedded in node and user rename values. By smuggling traversal payloads through un-encoded URL path segments, an attacker can reach arbitrary Headscale API operations, breaking the RBAC model and impacting integrity and availability of the tailnet. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Headplane
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-41723 HIGH This Week

Stored cross-site scripting in VMware Cloud Foundation Operations (formerly Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject malicious scripts that execute in other users' browsers, including administrators. Affected products include VCF Operations 5.x through 9.1.x, VMware Aria Operations 8.18.x, and VMware Telco Cloud Platform 5.x. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS VMware Vcf Operations Vmware Aria Operations Vmware Telco Cloud Platform
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-46294 HIGH PATCH This Week

Out-of-bounds kernel memory write in the Linux kernel device-mapper ioctl subsystem (dm-ioctl) affects the retrieve_status function, where an unchecked align_ptr() call on the output pointer can advance it past the end of the caller-supplied buffer, causing a wrapped-around 'remaining' length calculation and subsequent overflow writes. Exploitation requires local privileges to issue device-mapper ioctls (root/CAP_SYS_ADMIN), and there is no public exploit identified at time of analysis; EPSS is negligible at 0.03% (9th percentile). The upstream maintainers explicitly note the flaw has no practical security impact because only root can trigger it and standard libraries (libdevmapper, devicemapper-rs) use 8-byte-aligned buffers that never overshoot.

Memory Corruption Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46301 HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's topcliff-pch (pch_spi) SPI master driver arises from a use-after-free triggered when the driver is unbound, because DMA buffers are released before the driver's transfer queue is flushed. An attacker with the ability to unbind the device can cause the freed DMA buffers to be accessed by in-flight SPI transfers, yielding CWE-416 memory corruption with high confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis, and the EPSS probability is negligible (0.02%), consistent with an obscure, hardware-specific driver rather than a broadly exploitable flaw.

Memory Corruption Linux Use After Free Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46285 HIGH PATCH This Week

Local memory corruption in the Linux kernel's mtd/docg3 M-Systems DiskOnChip driver occurs when docg3_release() dereferences a docg3 pointer already freed by doc_release_device() (kfree at line 1881), a CWE-416 use-after-free reachable during device teardown. Only systems that load the docg3 driver for DiskOnChip G3 flash hardware are affected. There is no public exploit identified at time of analysis, EPSS is negligible (0.02%, 7th percentile), and the issue is not in CISA KEV; it has been fixed upstream across multiple stable branches.

Memory Corruption Linux Use After Free Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46275 HIGH PATCH This Week

Use-After-Free and race conditions in the Linux kernel's Bluetooth hci_uart driver (drivers/bluetooth/hci_uart.c) enable a local low-privileged user to corrupt kernel heap memory, potentially escalating to root. The flaw stems from improper lifecycle management of the hci_uart struct and its associated workqueues: when a TTY hangup interrupts Bluetooth UART initialization before HCI_UART_PROTO_READY is set, teardown skips workqueue cancellation, leaving deferred work items to dereference freed memory. Three compounding sub-issues - a tx_skb double-free, a vendor callback UAF via premature hci_free_dev(), and proto_lock races during error paths - are all resolved in patched stable releases. No public exploit is known and EPSS at 0.02% (7th percentile) signals low near-term exploitation probability despite the CVSS 7.8 rating.

Linux Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46311 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's AMD GPU userqueue (drm/amdgpu/userq) driver allows a low-privileged local user to exploit a race condition between queue creation and wptr_obj unmapping, resulting in access to stale wptr mappings and potential substitution of a buffer object at the same address. The flaw affects AMD GPU userqueue handling and could enable memory corruption with high impact to confidentiality, integrity, and availability. No public exploit has been identified at time of analysis, and EPSS rates exploitation probability at just 0.02%.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46280 HIGH PATCH This Week

Use-after-free in the Linux kernel's HMM (Heterogeneous Memory Management) test driver (lib/test_hmm) allows local users to trigger a kernel panic and potentially escalate privileges when device private pages are faulted in after the dmirror file descriptor is closed. The flaw was discovered during arm64 selftest runs where a SIGABRT coredump walked stale VMAs and dereferenced a dangling zone_device_data pointer. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but the bug is fixed upstream across multiple stable trees.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46277 HIGH PATCH This Week

Use-after-free in the Linux kernel's mm/zone_device subsystem allows local attackers with low privileges to corrupt memory or escalate privileges by exploiting a race where a device folio is accessed after the driver's ->folio_free() callback has already reallocated it with a potentially different order. The flaw affects systems using ZONE_DEVICE memory (typically with DAX, HMM, or GPU/accelerator drivers exposing device-backed folios) and carries a 7.8 CVSS with low EPSS (0.02%, 5th percentile), indicating high theoretical impact but no public exploit identified at time of analysis.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46274 HIGH PATCH This Week

Local privilege escalation via use-after-free in the Linux kernel io_uring io-wq worker subsystem allows an unprivileged local user to corrupt kernel memory and potentially execute arbitrary code in kernel context. The flaw lives in io_wq_remove_pending(), where a missing io_wq_is_hashed() check on the predecessor work item lets a non-hashed io_kiocb be recorded in wq->hash_tail[0]; after that request is freed back to req_cachep, the stale pointer is dereferenced on the next hashed bucket-0 enqueue. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but the bug is reachable from any process that can issue io_uring syscalls.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46308 HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's MediaTek power-domain (pmdomain) driver stems from a use-after-free in scpsys_get_bus_protection_legacy(), where a device node is released via of_node_put() before the error path dereferences it in dev_err_probe(). Affecting kernels using the MediaTek SCPSYS legacy bus-protection code path (typically ARM/ARM64 MediaTek SoC platforms), a local low-privileged attacker able to influence the probe error path could corrupt freed kernel memory, with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 4th percentile).

Memory Corruption Mediatek Linux Use After Free Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46281 HIGH PATCH This Week

Out-of-bounds write in the Linux kernel's vmalloc subsystem (vrealloc_node_align()) lets a local low-privileged actor trigger heap memory corruption when a vmalloc-backed object is shrunk while also forcing reallocation for NUMA-node or alignment reasons. Introduced by commit 4c5d3365882d in the 6.18 development series and carried into stable trees, the flaw causes the code to memcpy the old (larger) size into a smaller new buffer. There is no public exploit identified at time of analysis and EPSS is very low (0.02%), reflecting a subsystem-internal bug rather than a broadly reachable network attack surface.

Memory Corruption Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46279 HIGH PATCH This Week

Improper handling of allocation-profiling codetags in the Linux kernel's mm/alloc_tag subsystem causes an 'alloc_tag was not set' WARNING when pages allocated before page_ext initialization are later freed, because their codetag reference was never set. This affects local systems running kernels built with the debug option CONFIG_MEM_ALLOC_PROFILING_DEBUG and with mem_profiling_compressed disabled, and is triggered by ordinary boot-time activity (e.g. KASAN quarantine reclaim freeing early-allocated pages). It is classified under CWE-415 (double free) but the observed effect is a kernel warning splat; there is no public exploit identified at time of analysis and EPSS is negligible (0.02%).

Linux Red Hat Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40519 HIGH PATCH This Week

Authenticated remote code execution in Nginx Proxy Manager versions 2.9.14 through 2.15.1 allows users holding the certificates:manage permission to inject arbitrary OS commands via the dns_provider_credentials field, which executes on backend restart as the service account. No public exploit has been identified at time of analysis, but the vendor patch (commit a5db5ed) and a VulnCheck advisory disclose the exact sink (child_process.exec in setupCertbotPlugins), making weaponization straightforward. CVSS 7.5 (AV:N/AC:H/PR:L) reflects the authentication and timing prerequisites rather than reduced impact - successful exploitation yields full code execution on the proxy host.

RCE Nginx Command Injection Nginx Proxy Manager
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-36786 HIGH This Week

Denial of service in Tenda FH451 router firmware V1.0.0.9 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the list1 parameter of the fromDhcpListClient function. Publicly available exploit code exists in a GitHub research repository, though the vulnerability is not listed in CISA KEV and no EPSS score has been published at time of analysis. Impact is limited to availability - no confidentiality or integrity loss is indicated.

Denial Of Service Tenda Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-46441 HIGH PATCH GHSA This Week

Cross-workspace tenant isolation bypass in FlowiseAI versions prior to 3.1.2 allows authenticated low-privileged users to reassign assistant resources to arbitrary workspaces by manipulating server-controlled fields in the assistant update endpoint. The flaw is a mass assignment issue (CWE-284) tracked as EUVD-2026-35109, with publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified at time of analysis as widely deployed exploitation. SSVC indicates total technical impact but non-automatable exploitation.

Authentication Bypass Flowise
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-36789 HIGH This Week

Denial of service in Tenda AC1206 routers (firmware v15.03.06.23) is triggered by stack-based buffer overflows in the fromGstDhcpSetSer function reachable through the username and password parameters of a crafted HTTP request. Remote attackers with network reach to the device's web management interface can crash the service without authentication, and no public exploit identified at time of analysis although proof-of-concept research material is hosted on GitHub.

Denial Of Service Tenda Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-47736 HIGH PATCH GHSA This Week

Remote denial-of-service in Puma Ruby web server versions 5.5.0 through 7.2.0 and 8.0.0 through 8.0.1 allows unauthenticated attackers to exhaust process memory by opening a TCP connection and sending data without CRLF terminators when PROXY protocol v1 support is enabled. The vulnerability lives in the PROXY v1 pre-parse buffer, which grows without bound while Puma waits for the '\r\n' delimiter, leading to OOM kills or container restarts. No public exploit identified at time of analysis, and the issue only affects servers explicitly opting into the non-default `set_remote_address proxy_protocol: :v1` configuration.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46340 HIGH PATCH GHSA This Week

Memory exhaustion denial-of-service in Netty's netty-transport-sctp module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows remote unauthenticated attackers to crash JVM processes by sending unbounded SCTP DATA fragments that never set the complete flag. The flaw stems from the SCTP reassembly handler wrapping each new fragment into a fresh CompositeByteBuf around the prior accumulator, producing an N-deep recursive buffer chain that consumes memory and CPU per access, with no public exploit identified at time of analysis.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45416 HIGH PATCH GHSA This Week

Remote denial-of-service in Netty's netty-handler component allows unauthenticated attackers to exhaust server memory by sending a crafted TLS ClientHello with an attacker-controlled 24-bit handshake length field, triggering an immediate ~16 MiB unpooled heap allocation per connection. Affects Netty 4.1.x through 4.1.134.Final and 4.2.x through 4.2.14.Final when using the default SniHandler/AbstractSniHandler constructors, which disable both the length guard and handshake timeout. No public exploit identified at time of analysis, but the trivial nine-byte trigger and CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) make weaponization straightforward.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44893 HIGH PATCH GHSA This Week

Memory leak in Netty's HAProxy codec (io.netty:netty-codec-haproxy) allows remote unauthenticated attackers to exhaust server memory by sending PROXY protocol v2 frames containing a malformed PP2_TYPE_SSL TLV with a length below 5 bytes. The flaw causes a retained slice on the pooled cumulation buffer to never be released when an IndexOutOfBoundsException escapes the decoder's narrow exception handler. No public exploit identified at time of analysis, but the issue is trivially reproducible from the advisory's technical detail and affects any service that accepts PROXY v2 input from untrusted peers.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44892 HIGH PATCH GHSA This Week

Remote denial-of-service in Netty's HTTP/3 codec (io.netty:netty-codec-http3, versions 4.2.0.Final through 4.2.14.Final) allows an unauthenticated attacker to exhaust server memory by streaming an unbounded number of HTTP/3 headers over a single connection until the JVM throws an OutOfMemoryError. The flaw stems from an insecure default in Http3ConnectionHandler that follows RFC 9114's unlimited HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE rather than mirroring the 8192-byte cap Netty applies to HTTP/1.1 and HTTP/2. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the vendor advisory (GHSA-c2rx-5r8w-8xr2) rates the issue high severity and a fix is shipped in 4.2.15.Final.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42536 HIGH PATCH This Week

Denial of service in Apache HTTP Server 2.4.0 through 2.4.67 allows remote unauthenticated attackers to crash the server by submitting untrusted XML content processed by the mod_xml2enc module's xml2StartParse function. The flaw is a CWE-122 heap-based buffer overflow with a CVSS 7.5 score reflecting high availability impact only, and no public exploit has been identified at time of analysis.

Heap Overflow Apache Buffer Overflow Apache Http Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34355 HIGH PATCH This Week

Denial of service in Apache HTTP Server 2.4.0 through 2.4.67 stems from a heap buffer overflow in the mod_proxy_html output filter, where a malicious or compromised backend can return crafted HTML that corrupts memory in the proxying httpd worker. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network exploitation with availability-only impact, and no public exploit was identified at time of analysis.

Heap Overflow Apache Buffer Overflow Apache Http Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy