Skip to main content
CVE-2026-49841 CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41855 CRITICAL PATCH Act Now

Unsafe JSON deserialization in Spring Framework's JMS message converters (MappingJackson2MessageConverter and JacksonJsonMessageConverter) lets an attacker who controls JMS message content instantiate arbitrary classes, enabling gadget-chain attacks that can escalate to unauthorized actions or remote code execution. It affects Spring Framework 5.3.0-5.3.48, 6.1.0-6.1.27, 6.2.0-6.2.18, and 7.0.0-7.0.7 when applications consume messages from an untrusted JMS source. There is no public exploit identified at time of analysis, and despite a 9.8 CVSS the EPSS probability is only 0.04% and CISA SSVC rates exploitation as 'none'.

Deserialization Java Spring Framework
NVD HeroDevs VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36721 CRITICAL Act Now

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-38615 CRITICAL Act Now

DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.

PHP Command Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-46325 CRITICAL PATCH Act Now

Memory corruption in the Linux kernel's RDMA Soft-RoCE (rxe) driver allows incorrect iova-to-virtual-address translation when Memory Region (MR) page sizes differ from the system PAGE_SIZE, leading to access of wrong memory pages during RDMA operations. The flaw affects kernels from 6.3 through pre-6.18.14 / pre-6.19.4 / pre-7.0 patched releases, and a related kernel panic was previously reported by Yi Zhang. EPSS is 0.02% (4th percentile) and no public exploit identified at time of analysis, but a patch is available from upstream.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-9698 CRITICAL PATCH Act Now

Stack-based buffer overflow in Perl DBI module versions prior to 1.648 allows attackers who can influence database error message content to corrupt memory via a fixed 200-byte stack buffer used during error formatting. The flaw is triggered when applications enable RaiseError, PrintError, or HandleError handlers - a near-universal configuration in production Perl database code. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02% despite the CVSS 9.8 rating.

Memory Corruption Buffer Overflow Dbi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-10045 CRITICAL Act Now

Hardcoded credentials and default-enabled telnet on the Shenzhen Kangda Xin DR300 router (firmware 2.1.2.121) allow remote unauthenticated attackers to gain full administrative access over both WAN and LAN interfaces. With CVSS 9.8 and SSVC indicating proof-of-concept exploit code with total technical impact, attackers can read/write device memory, modify flash-resident firmware, and enumerate connected devices and active connections. No CISA KEV listing exists, but publicly available exploit code exists and the issue is automatable.

Information Disclosure Dr300
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-8025 CRITICAL Act Now

Remote SQL injection in MOSK Information Technologies CBS Platform (versions through 09062026) allows unauthenticated attackers to inject arbitrary SQL commands over the network without user interaction, yielding full confidentiality, integrity, and availability impact (CVSS 9.8). The vendor confirmed to TR-CERT that the product is no longer supported, so no official fix will be issued. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

SQLi Cbs Platform
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-7486 CRITICAL PATCH Act Now

SQL injection in Netcad Software's E-İmar urban planning/permit management platform (versions 2.10.1.0 through 3.0.2) allows remote unauthenticated attackers to manipulate backend database queries via crafted input. The CVSS 9.8 rating reflects network-reachable exploitation with no authentication or user interaction required, leading to full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, but the disclosure by Turkey's national CERT (TR-CERT) indicates coordinated vendor notification.

SQLi E I Mar
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-27671 CRITICAL NEWS Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-11651 CRITICAL PATCH Act Now

Remote code execution in Google Chrome's Network component before version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) classified High severity by Chromium with a CVSS 9.6 due to scope change and user-interaction prerequisite. No public exploit identified at time of analysis, but a vendor patch is already shipped via the Stable channel update.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11671 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11654 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Mac (versions prior to 149.0.7827.103) stems from a use-after-free condition in the CameraCapture component, enabling a remote attacker to break out of the renderer sandbox via a crafted HTML page. With a CVSS of 9.6 (scope-changed, high impact across CIA) and an upstream fix released by Google, the bug carries high severity but requires user interaction to load the malicious page; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11638 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables remote attackers to break out of the browser's renderer sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Chromium rated this issue Critical severity, and the CVSS scope change (S:C) confirms the sandbox boundary is crossed; no public exploit identified at time of analysis, but the attack only requires the victim to load attacker-controlled content.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11634 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11697 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker to break out of the browser's renderer sandbox via a crafted HTML page that exploits insufficient input validation in the UI layer. The scope-changing CVSS 9.6 reflects that successful exploitation crosses the sandbox security boundary, though user interaction (visiting a malicious page) is required. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but Google rates the underlying Chromium severity as High.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11659 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-47932 CRITICAL Act Now

Security feature bypass in Adobe ColdFusion 2023 (through Update 19) and ColdFusion 2025 (through Update 8) allows remote attackers to read files outside intended directories via a path traversal flaw, with a scope change that extends impact beyond the vulnerable component. Exploitation requires the victim to open a malicious file, and no public exploit identified at time of analysis; EPSS is low (0.02%) but CVSS is 9.6 due to the scope change and high CIA impact.

Path Traversal Coldfusion
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-42915 MEDIUM PATCH Exploit Unlikely This Month

Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the networking subsystem of affected Windows hosts via an incorrect buffer size calculation. Affected systems span Windows 10 (21H2, 22H2), Windows 11 (23H2 through 26H1), Windows Server 2022, and Windows Server 2025 - all unpatched builds within Microsoft-documented version ranges. No public exploit identified at time of analysis, though Microsoft has released fixes addressable via Windows Update; the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-42969 MEDIUM PATCH This Month

Windows Push Notifications on a broad range of Windows 10, Windows 11, and Windows Server editions leaks sensitive memory contents to locally authenticated low-privileged users through an uninitialized resource condition (CWE-908). The CVSS vector confirms local attack vector with low-privilege authentication requirement, no user interaction needed, and high confidentiality impact - meaning an attacker who has already obtained a standard user account can read residual memory data that could include tokens, credentials, or other sensitive artifacts. No public exploit code exists and no active exploitation has been identified at time of analysis; a vendor-released patch is available via Microsoft Security Response Center.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44963 CRITICAL PATCH Act Now

Remote code execution in Veeam Backup & Replication enables an authenticated domain user to execute arbitrary code on the Backup Server, with CVSS 4.0 score of 9.4 reflecting high impact across confidentiality, integrity, and availability of both the vulnerable component and downstream systems. The vulnerability is tagged as a deserialization flaw (CWE-502), and while no public exploit is identified at time of analysis, the low attack complexity and only-low-privilege requirement make this a high-priority patching event for any environment running Veeam in a domain-joined configuration.

Deserialization RCE Backup And Replication
NVD VulDB
CVSS 4.0
9.4
EPSS
0.6%
CVE-2026-42973 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated attacker to read sensitive information from memory without elevation of privilege. Affecting a wide range of Windows 10, Windows 11, and Windows Server builds, the vulnerability requires only low-privilege local access and no user interaction to trigger. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact, placing this in a lower-urgency remediation band despite the High confidentiality rating in the CVSS vector.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42971 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory contents through an uninitialized resource condition, allowing a low-privileged local user to read high-confidentiality data without any user interaction. The CVSS vector (AV:L/PR:L) confirms this is strictly a local privilege issue - no remote attack path exists - limiting its practical blast radius to insider threats and post-compromise lateral reconnaissance. No public exploit has been identified at time of analysis, and Microsoft has released patches addressing all listed affected versions.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42970 MEDIUM PATCH Exploit Unlikely This Month

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local attackers to disclose sensitive information across a wide breadth of Microsoft Windows desktop and server platforms. Spanning Windows 10 through Windows 11 25H2 and Windows Server 2012 through Server 2025, the vulnerability carries a CVSS 5.5 Medium score with high confidentiality impact (C:H) but no integrity or availability impact. Microsoft has released patches via the June 2026 Patch Tuesday cycle; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-41098 HIGH PATCH Exploit Unlikely This Week

Stored or reflected cross-site scripting in Microsoft Azure Stack Edge enables an authenticated high-privileged attacker to inject malicious script into the management web interface, leading to spoofing attacks across a network with scope change to other components. With CVSS 8.4 reflecting high confidentiality, integrity, and availability impact plus required user interaction, successful exploitation could compromise adjacent Azure resources or administrative sessions. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

XSS Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45595 MEDIUM PATCH Exploit Unlikely This Month

Mark of the Web (MOTW) protection mechanism failure across a broad range of Windows client and server releases allows unauthenticated network-based attackers to deliver files that evade the Zone.Identifier security tag, bypassing downstream defenses such as SmartScreen and Office Protected View that depend on MOTW presence. User interaction is required to trigger the bypass, limiting automated mass exploitation. No public exploit code exists and CISA has not listed this in KEV; however, the breadth of affected Windows versions - spanning Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through 2025 - gives this vulnerability significant surface area as a link in social-engineering attack chains.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45482 HIGH PATCH Exploit Unlikely This Week

Security feature bypass via path traversal in GitHub Copilot and Visual Studio Code allows a local unauthorized attacker to escape a restricted directory and reach files or resources that should be inaccessible. The flaw is tracked under CWE-22 with a CVSS 3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N) reflecting high confidentiality, integrity, and availability impact from local exploitation. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Path Traversal Visual Studio Code
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45655 MEDIUM PATCH Exploit Unlikely This Month

BitLocker drive encryption on Windows can be bypassed by a physically present, unauthenticated attacker, exposing protected volume contents with high confidentiality impact. Classified as CWE-693 (Protection Mechanism Failure), the flaw undermines BitLocker's core threat model - data-at-rest protection - across a wide range of Windows 10, Windows 11, and Windows Server releases from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patches for all affected versions; however, the physical access requirement means organizations with mobile or physically accessible systems should treat this as a higher operational priority than the CVSS score alone implies.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-41031 CRITICAL PATCH Act Now

Stored cross-site scripting in Vinna Process Monitor 4.0 Service Pack 1 (Build 63255) allows authenticated low-privilege users to inject persistent JavaScript that executes in other users' browsers, enabling theft of administrative session tokens and credentials. The CVSS 4.0 score of 9.3 reflects the cross-scope impact whereby a low-privileged attacker can escalate to administrative control. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS Vinna Process Monitor
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-47349 MEDIUM POC PATCH GHSA This Month

Insufficient authorization in TYPO3 CMS's Recycler module allows authenticated backend users to restore soft-deleted records on pages or database tables they are not permitted to modify, resulting in unauthorized integrity impact across the content management system. Affected are TYPO3 CMS versions before 10.4.57 and multiple branches through 14.3.3, with fixes delivered via two upstream commits and documented under TYPO3-CORE-SA-2026-011. No public exploit code or CISA KEV listing has been identified at time of analysis, but the attack is network-accessible and requires only low-privilege backend credentials.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-46316 CRITICAL PATCH Act Now

Use-after-free in the KVM arm64 vGIC-ITS translation cache allows a malicious guest to corrupt host kernel memory by triggering concurrent cache invalidations that double-drop a single reference. The flaw affects Linux 6.10 and later until the stable backports, has no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability as very low (0.02%, 5th percentile) despite the CVSS 9.3 rating.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-25860 MEDIUM POC This Month

Reflected cross-site scripting in OpenClinic GA 5.351.19's DICOM image upload handler allows unauthenticated remote attackers to execute arbitrary JavaScript in authenticated users' browsers by embedding payloads in DICOM file metadata fields such as Study Description, which are reflected unsanitized through popup.jsp and archiving/uploadfiles_jsp.java. A publicly available proof-of-concept exists, and the researcher's published chain explicitly demonstrates escalation from this XSS primitive to remote code execution, materially elevating the real-world severity beyond the CVSS 5.3 score. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis, but the healthcare context and documented RCE chain make this a high-priority finding for any OpenClinic GA deployment.

XSS Java
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-10731 CRITICAL PATCH Act Now

Unauthenticated SQL injection in Nemon Trade Energy and Nemon Trade Energy CRM allows remote attackers to execute arbitrary SQL queries through the 'two_steps_auth_code' parameter on the '/user-login' endpoint. The 2FA verification flow is reachable without prior authentication, enabling full database compromise; no public exploit identified at time of analysis, but a vendor patch is available per the INCIBE advisory.

SQLi Nemon Trade Energy Nemon Trade Energy Crm
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-42835 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Teams for Android allows an authenticated remote attacker to extract sensitive data via an injection flaw (CWE-74) in output passed to a downstream component. The CVSS 8.1 rating reflects high confidentiality and availability impact over the network with low privileges and no user interaction, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Microsoft Teams
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-40376 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft Visual Studio Code versions 1.0.0 through 1.119.0 allows remote unauthenticated attackers to elevate privileges over a network by exploiting improper input validation (CWE-20). Microsoft has released a patched build (1.119.1) and SSVC rates technical impact as total, though EPSS remains low at 0.09% with no public exploit identified at time of analysis.

Authentication Bypass Visual Studio Code
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-45602 CRITICAL PATCH Exploit Unlikely Act Now

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-49840 CRITICAL PATCH Act Now

Heap corruption in FreeSWITCH libesl prior to version 1.11.1 allows a malicious or man-in-the-middle Event Socket Library (ESL) peer to crash or corrupt the memory of any process linked against libesl by sending a frame containing a negative Content-Length header. The flaw is pre-authentication and reachable before the client completes authentication to the peer, and no public exploit identified at time of analysis despite a CVSS of 9.1.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-34417 MEDIUM POC This Month

Reflected cross-site scripting in OSCAL-GUI allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by injecting payloads through the unsanitized `project` parameter in `oscal-forms.php`. The parameter is URL-decoded and passed without sanitization into an error message via the `Messages()` function in `oscal-functions.php`, which is then reflected directly into the HTML response body when the supplied project ID does not match any existing record. A publicly available proof-of-concept exploit exists; the vulnerability is not confirmed in CISA KEV, and real-world impact is constrained by the CVSS UI:A requirement for victim interaction, making targeted phishing the primary delivery mechanism.

PHP XSS Oscal Gui
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-47931 CRITICAL Act Now

Arbitrary code execution in Adobe ColdFusion 2023 (through update 19) and 2025 (through update 8) lets an attacker who already holds high-privilege access run code in the context of the current user without any user interaction. The flaw stems from improper input validation (CWE-20) and carries a scope-changed CVSS 9.1, meaning impact can extend beyond the vulnerable component. There is no public exploit identified at time of analysis, EPSS is low (0.04%), and CISA SSVC currently rates exploitation as none, so this is a high-severity but not-yet-exploited issue requiring proactive patching.

RCE Coldfusion
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-36727 CRITICAL Act Now

Authentication bypass in bookcars v8.3 lets remote unauthenticated attackers forge JWT tokens against the /api/social-sign-in endpoint to impersonate arbitrary users. The flaw carries a CVSS 9.1 rating with no public exploit identified at time of analysis, though a third-party vulnerability writeup is referenced on GitHub. EPSS is very low (0.02%, 7th percentile), suggesting limited mass-scanning interest despite the high severity.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-47929 CRITICAL Act Now

Privilege escalation and arbitrary code execution in Adobe ColdFusion 2023 (Update 17 and earlier) and 2025 (Update 8 and earlier) allows a high-privileged remote attacker to bypass authorization controls and execute code in the context of the current user. The flaw is a CWE-863 incorrect-authorization issue with a scope change, raising CVSS to 9.1, but no public exploit identified at time of analysis and EPSS is low (0.02%, 6th percentile). Adobe disclosed the issue via APSB26-64 and a vendor patch is available.

Authentication Bypass RCE Coldfusion
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34182 CRITICAL PATCH NEWS Act Now

Pre-NVD disclosure via GitHub release 'OpenSSL 4.0.1' (openssl/openssl). OpenSSL 4.0.1 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed heap use-after-free in `PKCS7_verify()`. ([CVE-2026-45447]) * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. ([CVE-2026-34182]) * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. ([CVE-2026-34183]) * Fixed double-free when checking OCSP stapled respo

OpenSSL Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-45644 HIGH PATCH Exploit Unlikely This Week

Privilege elevation via stored or reflected cross-site scripting in Microsoft Live Share Canvas SDK enables an authenticated attacker on the network to execute script in another user's browser context and gain elevated permissions within collaborative Live Share sessions. The CVSS 8.0 vector reflects high impact across confidentiality, integrity, and availability, though successful exploitation requires both low-level authentication and user interaction. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Microsoft Live Share Canvas
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-47298 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Office SharePoint enables an authenticated attacker with low privileges to execute arbitrary code over the network when a victim user is induced to perform an action. The flaw stems from an improper authorization check (CWE-285) that fails to enforce expected access boundaries, yielding full confidentiality, integrity, and availability impact (CVSS 8.0). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-40128 CRITICAL NEWS Act Now

Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.

Path Traversal SAP Java
NVD VulDB
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-45782 HIGH PATCH This Week

Use-after-free in Cloud Hypervisor versions 21.0 through 51.1 allows a malicious guest VM to corrupt host memory in the cloud-hypervisor VMM process by racing duplicate virtio-block descriptor chains against the host's asynchronous I/O completion path. The flaw carries a CVSS 4.0 score of 8.9 with high impact on both the affected VMM and subsequent system scope, indicating a credible VM escape primitive. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Use After Free Memory Corruption Suse
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-36723 HIGH This Week

Remote code execution in BookCars v8.3 is achievable by authenticated attackers who abuse a path traversal flaw in the /api/create-user endpoint to rename and relocate files from temporary storage to attacker-chosen filesystem paths. The flaw is tagged as Authentication Bypass, Path Traversal, and RCE, and a public write-up exists in a third-party GitHub repository, though it is not listed in CISA KEV and EPSS is low at 0.17% (38th percentile).

RCE Path Traversal Authentication Bypass N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-45591 HIGH PATCH GHSA Exploit Unlikely This Week

Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disrupt application availability. The CVSS 7.5 score reflects high availability impact with low attack complexity and no required privileges or user interaction, though no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the reporting source via MSRC, indicating a vendor-coordinated disclosure.

Denial Of Service Asp Net Core Visual Studio 2026 Net
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2026-47292 HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in Microsoft Visual Studio Code allows an unprivileged attacker to gain higher privileges on a host by tricking a user into triggering inclusion of functionality from an untrusted control sphere (CWE-94 code injection class). The flaw requires user interaction and local access per the CVSS vector (AV:L/UI:R), yielding full confidentiality, integrity, and availability impact at CVSS 7.8. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Code Injection RCE Visual Studio Code
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-45447 HIGH PATCH This Week

Heap use-after-free in OpenSSL's PKCS7_verify() function affects multiple supported branches (1.0.2, 1.1.1, 3.0.x, 3.4.x, 3.5.x, 3.6.x, and 4.0.0) and is fixed in OpenSSL 4.0.1. Authenticated remote attackers able to submit crafted PKCS#7 signed data to a vulnerable application can trigger memory corruption leading to high-impact compromise of confidentiality, integrity, and availability per CVSS 8.8. No public exploit identified at time of analysis; EPSS is low (0.12%, 30th percentile) and CISA SSVC reports no observed exploitation, though the flaw is rated automatable with total technical impact.

OpenSSL Information Disclosure Use After Free Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
Prev Page 2 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy